By Arunesh Bhardwaj July 29, 2016
In the age of internet and smart phones, every facility is just a click away on an app. You need a cab; it is just a click away. You are hungry and need food, the food is just a click away.
An application or app is a medium that helps in providing different facilities to its user and nowadays there is application for almost everything. A developer develops an application which on the basis of the information collected from the user gives the requisite information that is sought by the user. So, in the process of providing the information to the user; the app also collects information about the user.
As per section 2(1)(v) of the Information Technology Act, 2000; information includes data and data means representation of information, knowledge, facts. So, anything about the user that an application needs is information and without this information, the application won’t be able to provide service to the user. Now, in accordance with the legal provisions, there are 5 things that a developer must keep in mind while developing an app:
- Clear and easily accessible statement of its practice and policies
- Type of information that will be collected
- Purpose of collection and its usage
- Security Practices and Procedures.
- The consent of the user must be there
The information about an individual comprises the privacy of the person and this information can be taken only if prior consent from the person is there. Now, if we take the information about the user without user’s consent it will be considered as a breach of privacy. To ensure that the user’s right to privacy is not breached, the consent of the user needs to be taken.
Sub-Rule 1 of Rule 5 of IT Rules, 2011; clearly mentions that a written consent of the information provider needs to be taken before collecting the information and this consent can be given through letter or fax or an email.
- The user must have knowledge that the information is being collected.
One can’t collect any information (which is not in public domain) about an individual without his knowledge. The person must be aware about the details and the fact that information about him is being collected. Apart from the knowledge that information is being collected, the user must have detailed information about why the information is being collected and to whom this information will be catered to.
Sub-Rule 4 of Rule 5 of IT Rules, 2011 directs the person or the body corporate collecting the information to ensure that while collecting the information, the information provider is having the knowledge that the information is being collected. Apart from the above, the person collecting information will also have to ensure that the information provider is having the knowledge of:
- The purpose for which the information is being collected.
- The intended recipients of the information.
- The detail of the agency collecting and retaining the information.
- The user must be provided with an option to not provide information
The main issue that needs to be taken care of while collecting any information is the privacy of the user. The person or the body collecting the information has to ensure that the privacy of the user is not breached.
As per Sub-Rule 7 of Rule 5 of IT Rules, 2011, the person or body collecting the information will have to provide the information provider with an option by way of which the information provider can opt to not provide the information that is being sought by the corporate body or any person. Also, the information provider must be provided with an option by way of which, at any time while availing the service of the body corporate, he can withdraw his consent given to the body corporate earlier.
- The information so collected when disclosed must be done with the permission of the user.
As per Sub-Rule 1 of Rule 6 of IT Rules, 2011, the information provided by the user can’t be shared to any third party without the consent of the user. This consent can be taken in any of the following ways:
- The permission to share the information to any third party can be mentioned in the contract signed between the user and the body corporate.
- The permission to share any information to any third party can be taken before doing so.
If the disclosure of such information is necessary for complying with any legal provision then the consent of the user is not required. Also, the consent of the user will not be required wherein the information has to be mandatorily shared with any government agencies.
The most important thing that a web developer needs to take care of is that while using the app, the privacy of the user is not violated in any way. The above mentioned points are in a way a checklist which will help the developer to ensure that the privacy of the user is not being breached in any way. The check list is not an exhaustive list but these are the important points that need to be taken care of.
Image Credits: https://termsfeed.com/blog/privacy-policy-ios-apps/
You may also want to read
Flipkart aims to double sales to $8 bn this year (March 2015-The Times of India)
Amazon India scores highest in user loyalty, says study (Forbes 2016)
The Shopping Malls Really Are Being Killed By Online Shopping (NDTV Times March 2016)
We come across headlines as above related to online...
With the release of the first ever Smartphone in 1992 (the IBM ‘Simon’) to the launch of the iPhone in 2007 and that of the first ever android Smartphone in 2008 (the HTC ‘Dream’), smart phones have rapidly emerged to become our preferred method of communication. The advent of Smartphone...
My email account was hacked. Can I take legal action against the hacker?
If you ask me what one of my worst fears is today, I would say it is “this username and password does not match.” Every time I misspell my password I have this latent fear that my account has been hacked. We have all had...