The mobile app market has developed rapidly over the past two decades, bringing many potential legal issues with it. App developers must make sure the app complies with all the legal requirements of the country or region where it is made available. Beyond compliance, developers should also know how to protect their own interests legally.
Three issues of particular importance in app development are discussed here: (1) personal data privacy; (2) the contractual relationship with the development company; (3) IP right protection.
Personal Data Privacy
The user’s privacy should be protected throughout data collection, usage, analysis, transmission, and personal identification. This requires developers not only to take great care when collecting data but also to take the necessary steps to protect it afterward.
In November 2014, the Office of the Privacy Commissioner for Personal Data (PCPD) first published the Best Practice Guide for Mobile App Development (referred to below as the Best Practice Guide), which gives comprehensive and practical guidance on personal data protection for app developers.
- Definition of personal data
Personal Data (Privacy) Ordinance, section 2: “Personal data (個人資料) means any data—(a) relating directly or indirectly to a living individual; (b) from which it is practicable for the identity of the individual to be directly or indirectly ascertained, and (c) in a form in which access to or processing of the data is practicable;”
Common kinds of personal data include a unique device identifier, location, phone number, name, contact list, stored photos/videos/recordings, email address, calendar, and browsing history.
- The Six Data Protection Principles (“DPPs”) listed in the Best Practice Guide
1- Purpose and Manner of Collection
Data should be collected lawfully. The purpose of collecting personal data must be within the app’s function and for generating necessary activity. Moreover, the data subjects must be informed of the purpose of collecting data and how it will be used.
2- Accuracy and Retention Duration
Data users need to ensure the accuracy of the data they use, and all personal data collected is to be kept only for as long as necessary.
3- Use of Personal Data
Personal data can only be used in the way the data subject has consented to. If there is a further need to share personal data with other apps or other parties, prior consent from the data subject is needed.
4- Security of Personal Data
It stands to reason that you need to use data properly yourself, but you also need to actively prevent other parties from attacking, stealing, and misusing personal data while it is under your control. Data users should take all reasonable steps to protect personal data. Measures such as encryption and access control based on the “least-privileged rights” and “need-to-know” principles may be helpful in practice.
6- Access and Correction
You should comply with data access and data correction requests as required under the Ordinance.
- Data protection in practice
For specific types of data that are necessary for the app to operate, it is better to plan a fallback for when users refuse to give consent. For example, if users decline to let the app access their location, the app may instead ask them to type in an approximate location.
Contractual Relationship with the Development Company
To enable apps to be used on mobile phones, the product owner needs to sign a contract with the development company. Currently, the App Store (iOS) and Google Play (Android) are the two biggest players in this field. However, the recent lawsuits brought by Epic Games against Apple and Google, based on monopoly, shed light on the use of third-party app platforms on iOS and Android. If Epic Games wins, the current market will inevitably change.
No matter which platform you are targeting, it is important to bear these points in mind.
- Sign an NDA
Before discussing your business idea and workflow with the development company, or with any other party, a Non-Disclosure Agreement (NDA) should be signed to protect your business idea from possible theft or competition.
- Terms of the agreement
- Abide by the platform’s guidelines
Apart from local law requirements, Apple and Google also impose their own regulations on app developers. Carefully examine the App Store Legal Guidelines and Google Policy and Terms, and make sure to comply with all the requirements before your app is submitted to the development company.
IP Right Protection
There are two aspects of IP rights for app developers to be concerned about. First, protect your own IP rights from being infringed. Second, avoid infringing the IP rights of third parties.
- What can be protected under IP law?
IP rights include copyright, trademark, and patent. Copyright can be used to protect the source code, design, and content of your app. Trademark is concerned with the app name, logo, slogan, and brand name. Patent is less common than copyright and trademark in app development practice but is useful to protect something new or not obvious in your app.
- How to protect your idea from being stolen?
As previously mentioned, it is always good practice to sign a Non-Disclosure Agreement (NDA) before discussing your app development idea with others. Though an NDA cannot wholly ensure the security of your business idea, it is nonetheless a strong legal weapon against anyone who violates it.
App Store Conditions
You will likely distribute your app through either Apple’s App Store, Google Play for Android Devices, or both. In addition to complying with local laws, the developer must also comply with the policies and guidelines of each publisher along with the Developer Agreement. Breach of App Store policies or the agreement may lead to removal of the app.
The Apple App Store has a long, drawn-out approval process, and small errors can lead to rejection. Apps in general also need to be more distinctive. There is a $99 USD developer fee per year, and 30% of app revenue is shared with Apple. For subscription products, the revenue share drops to 15% after 12 months.
In general, it is less tedious to submit an app to the Google Play Store and to have it approved. It also only costs $25 USD to enroll as an app developer, and 30% of app revenue is shared with Google. For subscription products, the revenue share drops to 15% after 12 months.