Monday, September 29, 2014

Is government paying enough attention to privacy in its mobile apps?

Australian internet usage has just reached a tipping point, with more Aussies accessing the internet via their smartphones and tablets than via laptops and desktop computers.

This has been reflected in web usage statistics, with several agencies I talk to reporting that they now receive more of their website traffic from mobile devices than from desktop and laptop computers - particularly when excluding their own staff from the statistics.

There have also now been over 500 mobile apps designed, commissioned or reused by Australian government agencies and councils to deliver information, access services and report issues, including 69 apps from Federal agencies80 from Victorian government agencies22 from Queensland government agencies and many from local councils around the country.

There's even a few notable games, such as the ABS's Run That Town and Victoria's MetroTrains Dumb Ways to Die.

As a result there's an increasing need for agencies to pay attention to how they design mobile apps to ensure they meet appropriate accessibility and privacy standards.

The latter part of this, privacy, was the subject of a recent study and guide from the Office of the Australian Information Commissioner (OAIC) - Mobile privacy: A better practice guide for mobile app developers.

The guide reported that privacy was a key consideration for citizens, with a 2013 study by the OAIC finding that 62 per cent of Australians opt not to use smartphone apps because of concerns about the way personal information would be used.

The guide also mentioned a similar study in the US by the Pew Research Centre in 2013 that found that 51 per cent of teenage app users had avoided certain apps over privacy concerns, and over a quarter had uninstalled an app because it was collecting personal information they did not wish to share.

Now that's all fine when Australian governments are designing apps properly.

However the OAIC took part in an international 'sweep' on mobile app privacy back in May. As part of this the OAIC examined 53 popular free iOS apps, with a focus on apps produced by or on behalf of Australian businesses AND Australian Government agencies.

The OAIC found that a significant number of these mobile apps did not meet Australian privacy law requirements.

‘Of particular concern was that almost 70% of the apps we looked at failed to provide the user with a privacy policy or terms and conditions that addressed privacy prior to the app being downloaded’, Mr Pilgrim said.

The OAIC also found that almost 25% of the apps examined did not appear to have privacy communications tailored for a small screen.

Only 15% of the Australian-developed apps the OAIC examined provided a clear explanation of how they would collect, use and disclose personal information, with the most ‘privacy friendly’ apps offering brief, easy to understand explanations of what the app would and would not collect and use based on a user granting permission.

I'm sure the OAIC has privately fed back information to agencies on how their apps failed to meet Australian privacy and actions are underway to rectify this.

Other agencies and councils that have developed, are developing or have partnered with commercial mobile apps also need to be aware of the risks they are taking on if they don't adequately meet Australian privacy law.

Under the updated law that came into effect earlier this year, penalties for government agencies and corporations range up to a million dollars - making the omission of a privacy statement or use of user data without clear permission quite an expensive proposition.

Hopefully agencies are aware of the OAIC's report and are ensuring that user privacy is taken into account within their mobile apps.

If not, I hope we see some high profile examples to ensure that other agencies change their behaviour.

No comments:

Post a Comment