According toan inaugural study of the privacy policies, ninety per cent of 113 popular apps downloaded from the Singapore Google Play store do not adequately declare what type of consumer data is collected or how it is used. These apps potentially falls foul of Singapore's Personal Data Protection Act (PDPA).
In addition, more than half of the mobile apps downloaded tried to get access to user’s sensitive information such as their online and social media identities and location.
The subjects of the three-month study are taxi apps and those from other areas such as banks, real estate agents and financial advisers…The study joint Straits Interactive and Appknox- two local data protection software-makers to carry out the survey and jumped into the conclusion last week.
Kevin Shepherdson, CEO Straits Interactive warned that users were freely giving permission for apps’ installation without knowing how their personal information would be used. He also noted that app developers needed to make the privacy policy clear in order to let user understand what data is collected and what it is used for.
Organisations that collect customer data that is unreasonable are also banned from the PDPA. For example, a calendar app asking for access to users' location and photos was considered excessive to collect user data.
Apps from real estate agents and financial advisers also require access to personal location, online identities, and even microphone and camera functions. Most of them do not explain how the data will be used. Also, other apps that seek access to user’s online identities, location and even microphone and photos are illegal unless they explain how the data will be used.
Mr Ken Chia, Baker & Mckenzie. Wong & Leow’s principal, said that excessive data collection might place organisations in bad situation because they might not be aware of their actions that might be contravening the Act.
The Personal Data Protection Commission, which governs the collection, use and disclosure of personal data, urged mobile app developers to review their policies according to the law. The spokesman said organisations should only gather and use customer’s personal data on reasonable purposes and with permission of customer. They should also inform customer about data collection unless it is in case of emergency.
HSBC's mobile banking app is one of only 10 per cent of the local apps that state clearly on their privacy terms. It requires user to share their location but for the purpose of locating nearby bank branches and ATMs. The app also asks for user’s call logs and device identification but it’s stated in the privacy policy that this access would let customers call directly to HSBC from the app and serve verification purposes.
According to Lawyer Gilbert Leong, a partner at Rodyk & Davidson, most apps might not request user data for negative purposes but app developers should have provided options for user to choose between turning on or off any privacy feature within an app.
0 Comments