Towards the end of last year, The Straits Times reported that 90 per cent of mobile apps in Singapore (including those from banks, telcos, real estate agents and financial advisers) do not adequately comply with data protection laws in Singapore. The concern continues this year in another article in The Straits Times. This topic is important. In today’s online world, it is worrying to hear about such a high level of non-compliance. In this post we look at the issues of non-compliance and provide our top tips to help app developers in 2016.
Why are apps still not in compliance?
There are two key areas where apps are not in compliance:
- Lack of transparency: Apps are not providing app users with clear information about what data is collected and are not obtaining informed consent from app users.
- Data maximisation: Apps are collecting more data than they really need. It doesn’t take much of a leap to understand that if apps collect more data than they need, then there is more risk of apps misusing the data that they don’t need. Why else would you collect it?
The level of non-compliance quoted is surprising. Apps are ubiquitous: all of us use apps and we all put our data onto apps on a daily basis. It is even more surprising because the data protection laws in Singapore have been on the books since 2012 and have been in force since mid-2014. In addition, the regulator (the PDPC) has published plenty of helpful guidance here.
So what if apps are non-compliant?
The PDPC has the ability to impose fines for non-compliance (and in extreme cases there can be imprisonment).
As yet the PDPC has not fined a non-compliant app. However, the PDPC has actively fined and investigated others for non-compliance, e.g. Xiaomi, Tuition Agency, M1. It can take only a few complaints to grab a regulator’s attention.
But it’s not just about the legal risk. Our view is that the data protection laws in Singapore represent good business and common sense. It is not hard to comply with the requirements and organisations that do so are more likely to win the trust of their customers.
Our top tips for app developers
The good news is that compliance is not difficult. So, to get 2016 off on the right path, app developers must (as a minimum) follow these top tips:
- Allow users to exercise their rights over their data (e.g. to amend their data) through simple online access tools;
- If you are using data for direct marketing purposes, you must get upfront, standalone consent and you must always provide an unsubscribe feature; and
- Set up robust security features to prevent data breaches.
For further information about “The Law of the App”, please see Matt Pollins’ article on the topic here.
With thanks to Matthew Hunter.