Upload File

privacyprotection in mobile app development - · pdf file•whether you think you are...

  • Home
  • Documents
  • PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app
26
Privacy Protection in Mobile App Development Henry Chang, Chief Personal Data Officer Office of the Privacy Commissioner for Personal Data, Hong Kong Electronics and Telecommunications Training Board Seminar Vocational Training Council 31 March 2016

Upload: duongminh

Post on 31-Jan-2018

215 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Privacy Protection in Mobile App Development

Henry Chang, Chief Personal Data OfficerOffice of the Privacy Commissioner for Personal Data, Hong Kong

Electronics and Telecommunications Training Board SeminarVocational Training Council

31 March 2016

Page 2: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

• Where to find more help

• Basic principles of data protection

• Case studies on the good and the bad

• Best practice guide for mobile app development

Privacy Protection in Mobile App Development

1

Page 3: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

You can listen to a two‐hour training seminar

2

Page 4: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

xx

www.pcpd.org.hk/misc/dpoc

If you become a member of the Data Protection Officers’ 

Club3

Page 5: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

What are the basic data protection principles?

Developing Mobile Apps with Privacy Protection in Mind

4

Page 6: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Data Flow and Data Protection Principles (DPPs)

Personal Data Flow

CollectionRetention/ ErasureStorage, Use or Processing

DPP 6 – Rights of access and correctionDPP 5 – Transparency

DPP 1 – Collection

DPP 3 – UseDPP 2 – Accuracy and retention

DPP 4 – Security

IT System

5

Page 7: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

A clever person solves problem,

a wise person

The Essence of Privacy by Design

avoids it.

6

Page 8: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

1. Is the access of the information necessary?a) If access is necessary, has it been explained in the collection statement/privacy policy?b) If access is necessary, is the uploading of the information necessary?c) If uploading is necessary, is the storage necessary?d) If access is necessary, is the sharing/transferal of the information necessary?

2. What other information is being collected/combined/associated?

3. What safeguards (such as validation, proper encryption and access controls) are in place to the information accessed/transmitted/shared/kept?

4. Is the retention policy reasonable and can app users opt‐out of any of these collections and erase/delete collected information and accounts?

5. Do you have a set of process and procedures to fulfil the data access and correction obligation?

Privacy by Design – When Applying to App Development

7

Page 9: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

• Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app installation

• what, when and why you are accessing the information

• whether the information would be collected, uploaded, stored and/or shared

• what use you have (particularly any use beyond the mobile device)

• whether information will be combined with other information (collected at the same time or by other means) for

• Tracking/profiling purpose

• advertising purpose

Recommendations

8

Page 10: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

• Use reliable software development tools (SDKs; libraries)

• Understand what access third‐party tools (such as those from Flurry) will have to mobile device data

• Use most granular/specific/least privileged calls you can

• Remember Confidentiality, Integrity and Accountability

• Be familiar with mobile‐specific vulnerabilities/hacking techniques

• Perform code‐review and software testing

Technical Considerations

9

Page 11: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Examples

The good, the bad and the ugly…

10

Page 12: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Examples

The good…

11

Page 13: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

• Available before installation

• (Nearly) single page and in simple language

• Specific to the types of data accessed

• Assured users what it would not do

• But – don’t copy this…

The Good ‐ Transparent

12

Page 14: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

The Good ‐ Build Your Own Granular Controls

For iPhone: Why not ‘port’ the logic to Android?

13

Page 15: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Examples

and the ugly…

14

Page 16: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Mistake or Don’t Care?

15

Page 17: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Over‐collection or Don’t Care?

16

Page 18: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Best Practice Guide for Mobile App DevelopmentPlease check out the “Best Practice Guide for Mobile App Development”

http://www.pcpd.org.hk/english/publications/files/Mobileapp_guide_e.pdf

17

Page 19: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Best Practice Guide for Mobile App Development:Modular and flow‐chart approach

18

Page 20: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Best Practice Guide for Mobile App Development:Legal requirements

19

Page 21: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Best Practice Guide for Mobile App Development:Privacy by Design explained

20

Page 22: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Best Practice Guide for Mobile App Development:Best practice recommendations

21

Page 23: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Best Practice Guide for Mobile App Development:Checklist for self‐evaluation

22

Page 24: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Best Practice Guide for Mobile App Development:Transparency

23

Page 25: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Your App Could be Here Next Year as a Good Example…

24

Page 26: PrivacyProtection in Mobile App Development - · PDF file•Whether you think you are collecting personal data, you should consider clearly stating the following details prior to app

Privacy Protection in Mobile App Development

25


Build you own yammer app

Stating a Mysterious Figure

Application Centric Infrastructure · APP APP APP APP APP APP ACI Monitoring . What does this mean to you? Application- centric ... Automated security device configuration Audits

Google App Engine: Should you or should you not?

People v. DuPree 2017 IL App (2d) 141013-U · 2017 IL App (2d) 141013-U a photographic lineup containing six photos, and he circled defendant’s photo, stating that he was “seventy

iPad publishing : Should you have a native app or a web app?

Comp Stating Welfare

Ways in stating research problem.report

Dictionary App Builder: Building Apps - SIL Internationalsoftware.sil.org/downloads/r/dictionaryappbuilder/Dictionary-App... · Before you build an app with Dictionary App Builder

TalkToMe: A beginner App Inventor app · PDF fileTalkToMe: Your first App Inventor app - 1 TalkToMe: A beginner App Inventor app This step-by-step picture tutorial will guide you through

Dictionary App Builder: Building Apps - SIL Internationalsoftware.sil.org/downloads/r/dictionaryappbuilder/... · 2020-04-28 · Once you publish your app on an app store, you cannot

What do you know about app development? Why are you interested in app development? What do you plan to learn today? Is app development something your

SAP BI Stating Process

App Store Optimization - App Samurai · the app. Besides, you shouldn’t add your app name into your app icon. Users can already see your app name on your app page, so it is unnecessary

You Mix App - Presentación Oral

WICShopper App and WIC Card...WICShopper App and WIC Card . 1 | Page . If you have a WIC Card, you can register it to your WICShopper app. When the card is added to the app, the app

The App - YugenThe App •Make sure you have the latest version. Check the iOS app store or Google Play store. •Register yourself in the app. Be sure that you

the Art of stating

tmz.vo.llnwd.nettmz.vo.llnwd.net/o28/newsdesk/tmz_documents/0112_redick_wm.pdfmessages stating "You will be sought after, and you should be scared", ' 'You will burn in hell". Redick

Oreo. Stating Your Opinion

RecycleSmart Recycling Near You App

Calentamiento Write a sentence stating 5 things you have in your backpack and another stating one thing you need (Necesito) Write how you would tell someone

Stating the Purpose

Stating a problem (2)

That .NET App You Wanted to Build? · 3/25/2019 That .NET App You Wanted to Build? We Built It for You!

Dreamforce to You Madrid: App Cloud

El Verbo Ser Ser – to be (in a more permanent sense) –Ex: describing someone’s characteristics, stating the time, stating where you are from IRREGULAR

TalkToMe: A beginner App Inventor app · TalkToMe: Your first App Inventor app - 1 TalkToMe: A beginner App Inventor app This step-by-step picture tutorial will guide you through

Officialexaminationpapers …assets.cambridge.org/97811076/03196/frontmatter/...receive the Cambridge English: First stating that you demonstrated ability at Level C1. if you have

Bon App-etite · mobile payment strategies with 62.5% stating new payment options as an influencing driver to ... Amplify your restaurant’s visibility with ... Marketing promotion

Food for you app

Stating Shaded Inequalities

So You Think You Can App?

Seagate Media App - iOS · PDF fileSeagate Media App - iOS Welcome The media app helps you manage media and documents that you copy to compatible wireless

Publish you App on Google play