Mobile Apps Website Trading With Consumers in 2018 – Privacy Policies
The author is a UK qualified and fully licensed current practicing solicitor that has had spectacular success in intellectual property cases and with launching the digital technology start-ups he represents. He is an expert in technology media telecommunications, as well as IP dispute resolution, contracts and registration
Machine based learning through user data analysis is the name of the digital game. In all consumer facing digital apps or websites, whether they contain complex or simple features, it is a legal requirement that their privacy policies are comprehensible and printable.
The Data Protection Act 1998
The Data Protection Act 1998 (the 1998 Act) still applies to all personal data collected on a UK facing website and must be considered for all UK Privacy Policies.
A good understanding of the 1998 Act will provide the foundation for the internal company rules for collecting and processing personal data but actual practical compliance requires understanding of how the business works in practice. So more practical thinking is needed to implement a good data protection policy that covers: notification, data security, privacy and compliance policies, effective data protection notices, managing multiple data processors, addressing breaches, data subject access requests and extra-jurisdictional data transfer, amongst other things. You should also cover the risks of non-compliance in any internal code or rules so that all employees are on the same page. Note that a cookie compliance policy is essential.
Data Protection and Social Media
As mentioned above, machine based collection and analysis of intimate personal data is a main driver of digital business and in social media networks more than ever. Any website that enables online communication through features such as chat rooms; instant messaging; bulletin boards; and status updates will need to have tailored rules and policies as well as provide notices that comply with data protection and privacy laws for collecting data. It will also need to comply with related laws that deal with the processing of the data or data mining of its users for behavioural advertising or marketing analysis.
Social Networking Sites and Apps contain several serious legal risks for the provider including intellectual property infringement by its users who may upload copyright or trademarked content; false identity or misrepresentation – fraudulent traders or profiles designed to defraud the public, identity theft or solicit a date pretending to look like someone else particularly on dating Apps like Tinder. The Consumer Protection from Unlawful Trading Regulations 2008 make it an offence to mislead consumers in a commercial practice. There are antisocial laws that prevent harassment such as s1 The Malicious Communications Act 1988, s127 The Communications Act 2003, ss 2 and 3 The Protection from Harassment Act 1997; and/or that protect the public from slander and libel such as The Defamation Act 2013. There are also laws addressing malicious falsehoods and prosecution.
There are exceptions provided in the Electronic Commerce (EC Directive) Regulations 2002, SI 2002/2013 which protect internet service providers or application service providers from the conduct of the users in Regulations 17, 18 and 19. The mere conduit exemption (r17) is applicable to social networks. Clear terms and conditions to use the site are essential to rely on the exemption.
Employers should have clear comprehensive social media policies as well as related clauses in their employment agreements and staff handbook. Social media is often used for recruiting and vetting potential employees. There are potential legal risks to this practice including anti-discrimination claims. Reference should be made to the ICO’s Data Protection Employment Practices Data Protection Code before using social media to vet potential employees. Employment contracts should also cover intellectual property including database and copyright assets on social media sites such as LinkedIn.
Data Protection in 2018
Data protection law in the UK is about to undergo significant change. The General Data Protection Regulation, Regulation (EU) 2016/679, (the GDPR) was published in the Official Journal of the EU on 4 May 2016. Its provisions will be directly applicable and fully enforceable in all EU Member States from 25 May 2018. The Regulations will be directly effective meaning that there will be no need for the UK to pass a local law to implement the Regulations. For comprehensive advice and practical assistance for implementing the major changes to the existing data protection legislation by 25 May 2018 you should seek legal advice. A great starting point is The Guide to the General Data Protection Regulation provided by the Information Commissioner’s Office.
PAIL Solicitors expertise is solely on digital technology and intellectual property matters with particular focus in copyright and trademark litigation and registration as well as commercial contract drafting. We really enjoy what we do and love to see clients launching and building businesses that are important to them. PAIL is in the best position to assist clients because we know our niche marketplace very well. Consultations are at hourly rates. If you wish to contact us for specific advice email to firstname.lastname@example.org.