Mobile app development and data protection

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Mobile app development and data protection
  • Key parties in the app ecosystem
  • Regulatory framework under the UK GDPR
  • The UK GDPR
  • Meaning of ‘processing’ and ‘personal data’
  • Whether the UK GDPR regime applies
  • Mixed datasets
  • Controllers or processors
  • Core principles
  • Other requirements
  • More...

Mobile app development and data protection

This Practice Note refers to mobile apps: the software applications that run on mobile devices. Mobile devices include mobile phones, tablets, smart watches and other ‘wearable tech’, and other devices that run apps on an operating system (OS) that acts as a platform onto which apps are built and displayed to the user.

This Practice Note:

  1. identifies the main parties in the app lifecycle and sets out the key motivations for the collection of smart device-related personal data

  2. discusses the regulatory regime which applies under the United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (the UK GDPR) as it applies to mobile apps in the UK

  3. analyses the interaction between the UK GDPR regime and UK’s ePrivacy regime applicable to information stored or accessed on devices in the context of mobile apps

  4. explains why particular care must be taken with location data

  5. illustrates practical considerations that app providers should consider for compliance with the UK GDPR regime when developing apps

  6. sets out a checklist of key issues for app providers to consider, and

  7. notes certain other laws relating to the flow of data or information, including those applicable to social media, advertising and direct marketing which may be relevant

App lifecycle parties such as providers, developers, manufacturers, app stores and communication service providers are all subject to data protection

Popular documents