Data protection and privacy in mobile and online environments Guidelines for international best practice
by David Yates - [email protected]
Two separate guidelines have recently been issued in relation to matters of data protection and privacy in the mobile and online environments.
Although these are not directly applicable to businesses operating in the Middle East, respecting the privacy of customers in accordance with industry best practice is likely to enhance trust and may go some way toward ‘future proofing’ businesses in the event that international trends relating to data protection and privacy are picked up by law makers in this region.
ICC UK Cookie Guide
The International Chamber of Commerce (United Kingdom) published in April 2012 its “ICC UK Cookie Guide”. A copy can be found at the ICC’s website at: http://www.international-chamber.co.uk/components/com_wordpress/wp/wp-content/uploads/2012/04/icc_uk_cookie_guide.pdf
The ICC UK Cookie Guide is a tool to help website operators obtain informed consent from their visitors. The guide separates cookies into four categories:
• strictly necessary cookies,
• performance cookies,
• functionality cookies, and
• targeting or advertising cookies.
The guide builds upon the Information Commissioner Office’s recent publication on suggested methods for obtaining consent:
• obtaining consent in the course of acceptance of website terms and conditions;
• settings-led consent; feature-led consent;
• function-led consent; and
• notice and choice mechanisms such as sensitively deployed pop ups or header bars.
GSM Association’s Privacy Design Guidelines for Mobile Application Development
The GSM Association (www.gsma.com) has recently published its “Mobile and Privacy – Privacy Design Guidelines for Mobile Application Development”. A copy can be viewed at www.gsma.com/Mobile-Privacy-Design-Guidelines/.
What is valuable about these guidelines, in our view, is that they recognize that even if mobile phone applications provide useful services for mobile phone users, if these applications fail to meet the privacy expectations of users this will undermine users’ confidence and trust in mobile application organizations and the wider mobile ecosystem.
We have consistently maintained that in the absence of comprehensive data protection regulations in the UAE and in other Middle Eastern countries, commercial organizations nonetheless need to respect the privacy of their customers in accordance with industry best practice in order to create an environment of trusted customer relationships. The threat to an individual’s privacy in the online and mobile environments is a very public issue which is likely restricting the extent to which ordinary people take advantage of extraordinary new technologies in their every day lives.
The guidelines encourage the development, delivery and operation of mobile applications that help users understand what personal information a mobile application may access, collect and use; what the information will be used for, and why, and how users may exercise choice and control over this use.
Al Tamimi & Company’s Technology, Media & Telecommunications team regularly advises on data protection and privacy in the mobile and online environments, as well as in respect of the impact of other technological developments on our clients’ businesses. For further information, please contact David Yates at [email protected].