Many mobile apps need to collect personal data in order to function. Others rely on this personal data to keep their apps free and create a revenue stream. But collecting personal data can open mobile app companies up to potential lawsuits if it is mishandled.
In order to minimize this liability, mobile app companies need to make sure they are in compliance with relevant laws. As insurance brokers and underwriters, we can help mobile app companies understand how these laws apply to them, and what they need to do in order to follow privacy policy best practices.
Mobile App Privacy Policy Best Practices
When it comes to privacy policies for mobile apps, there are five basic guidelines developers should follow in order to reduce their risk of lawsuits, and minimize their liability insurance coverage premiums:
Privacy policies need to be easy to understand
When creating a privacy policy, a mobile app developer should use clear, concise language that tells consumers what information is being collected, what it is being used for, and who else it is or may be shared with.
Privacy policies must be conspicuously posted
Most app stores require developers to put a link to their privacy policy on the app’s page in their store, but even if they don’t, it is good practice to do so. The privacy policy should also be easily accessible from the app itself – usually under About, Help or Account Settings in the main menu, or in the footer of the main app screen. If there is a website associated with the app, the policy should be posted there as well.
Users should agree to the policy before using the app
Requiring users to explicitly agree to the privacy policy before using the app is one of the best ways to reduce the risk of liability. Many apps accomplish this by having the privacy policy pop up the first time the app is opened, and requiring users to scroll to the bottom, check a box that says they have read and understand the policy, and tap a button indicating they agree to the terms of the policy.
‘Do Not Track’ options should be clearly defined
If an app collects certain types of data such as web browsing or location data, there may be additional requirements that developers must comply with. Most notably, developers must disclose if third parties may collect data, offer the ability for users to request not to be tracked, and disclose how they handle ‘Do Not Track’ requests.
Users should be notified of and agree to privacy policy changes
If a mobile app makes changes to the data being collected, what it is being used for, or who it is being shared with, notifying users of the changes and requiring that they agree to the new terms reduces liability exposure.
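The consent gate described under the two guidelines above (agree before first use, and agree again when the data collected, its purposes, or the parties it is shared with change) can be implemented as a small versioned consent record. The following is an added example, not code from the original article or from Admiral Insurance Group; the PrivacyPolicy, ConsentRecord and UserConsentState types, the version() fingerprint and all sample policy values are assumptions constructed for illustration. It goes one step beyond the text by fingerprinting only the substantive terms, so a wording-only edit to the policy text does not force every user through the consent screen again, while any change to what is collected, why, or with whom does.

```python
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class PrivacyPolicy:
    """A policy split into the terms users consent to plus the full text.
    Constructed type for this example; field names are assumptions."""
    data_collected: tuple  # e.g. ("email", "location")
    purposes: tuple        # e.g. ("account management",)
    shared_with: tuple     # third parties the data may be shared with
    text: str              # human-readable policy shown on the consent screen

    def version(self) -> str:
        """Fingerprint of the substantive terms only. Rewording `text`
        without changing what is collected, used, or shared keeps the
        version stable; changing any of those three changes it."""
        canonical = json.dumps(
            {
                "data_collected": sorted(self.data_collected),
                "purposes": sorted(self.purposes),
                "shared_with": sorted(self.shared_with),
            },
            sort_keys=True,
            separators=(",", ":"),
        )
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]


@dataclass(frozen=True)
class ConsentRecord:
    """What is kept as evidence that a user agreed to a given version."""
    policy_version: str
    accepted_at: str       # ISO-8601 UTC timestamp
    scrolled_to_end: bool
    checked_box: bool


@dataclass
class UserConsentState:
    """Append-only log of a user's consents; keep it, never overwrite it."""
    records: list = field(default_factory=list)

    def latest(self) -> Optional[ConsentRecord]:
        return self.records[-1] if self.records else None


def needs_consent(state: UserConsentState, policy: PrivacyPolicy) -> bool:
    """True on first launch (no record) or when the substantive terms the
    user last agreed to differ from the current policy."""
    last = state.latest()
    return last is None or last.policy_version != policy.version()


def record_consent(state: UserConsentState, policy: PrivacyPolicy,
                   scrolled_to_end: bool, checked_box: bool,
                   now: Optional[datetime] = None) -> bool:
    """Record acceptance only if the user scrolled the whole text and
    affirmatively checked the box. Returns whether a record was written."""
    if not (scrolled_to_end and checked_box):
        return False
    ts = (now or datetime.now(timezone.utc)).isoformat()
    state.records.append(ConsentRecord(policy.version(), ts, True, True))
    return True


if __name__ == "__main__":
    # Constructed sample policies, not real ones.
    v1 = PrivacyPolicy(("email",), ("account management",), (),
                       "We collect your email to manage your account.")
    v2 = PrivacyPolicy(("email",), ("account management",), ("analytics vendor",),
                       "We collect your email and share it with our analytics vendor.")
    state = UserConsentState()
    print("first launch, gate shown:", needs_consent(state, v1))
    record_consent(state, v1, scrolled_to_end=True, checked_box=True)
    print("after accepting v1, gate shown:", needs_consent(state, v1))
    print("v2 adds a third party, gate shown again:", needs_consent(state, v2))
```

The gate is evaluated on every launch against the policy version bundled with (or fetched by) the current build, so a user who accepted an older version is re-prompted exactly when a change of the kind the article lists has occurred, and the append-only log keeps a record of which version each user agreed to and when.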
Privacy Policy Compliance
While the guidelines above provide a good place to start, there may be other technical requirements, so it is important to know the laws. In the U.S., the predominant law is the California Online Privacy Protection Act (CalOPPA), which applies to any app that can be downloaded in California. A more thorough discussion of the CalOPPA requirements can be found here.
Mobile apps that collect data from students or children under the age of 13 may be subject to additional requirements under the Student Online Protection Act (SOPIPA) and the Children’s Online Privacy Protection Act (COPPA). Under COPPA, only certain information is allowed to be collected, and apps must have a reliable means of verifying parental consent.
For developers providing their apps outside the U.S., this can mean additional regulations to follow and added liability. Europe has some of the strongest privacy protection laws, most notably the EU General Data Protection Regulation (GDPR), but companies need to make sure they are complying with the laws in each country in which their app is being used.
Privacy Policies and Liability Insurance
Carrying liability insurance to protect against privacy violations is a smart investment for mobile app developers. But creating a personalized policy for a developer means calculating the risks and exposure they may have – and that requires technical expertise. Small differences in language, or in how privacy policies are handled, can make a big difference in the amount of exposure, which is why it is so important for insurance brokers to work with an underwriter like Admiral Insurance Group.
If you are an insurance wholesaler looking for an underwriter, contact us about becoming a wholesale partner. If you are a retail broker with mobile app, software and other related technology clients, locate a wholesale broker to offer your clients personalized E&O and liability insurance policies underwritten by Admiral.