Data privacy is a major topic of discussion around mobile apps today, and for good reason. Where do app developers draw the line between the need for personalization and the need to protect data privacy? What are the privacy laws and regulations that exist to darken that line?
Personalization is one of the things that sets one app apart from another. Without it, we wouldn’t be able to receive tailored recommendations on our favorite apps. Our experiences on apps like Netflix, Spotify, TikTok, and even Grab would be cold, colorless, and impersonal if not for personalization. But creating such experiences comes with a cost: the need to collect personal data.
The collection of personal data isn’t malicious per se, and personalization isn’t the only good product of personal data collection. Access to personal information like names and addresses allows apps to deliver many useful services that we use today — food delivery, ticket bookings, contactless payments, and more.
So when does the collection of personal data become a concern, and how are Malaysian laws and regulations protecting our developers and users?
Why Data Privacy Matters in App Design and Development
A user’s personal data includes their contact details, login credentials, photos, biometric data, financial information, location, IP address, and any other information that can help identify them. Users are apprehensive about personal data collection for two reasons: the fear of being spied on through this information, and the risk of their personal data being collected, leaked, and sold to third parties without consent.
According to a study conducted by pCloud, 80% of apps use collected personal data for internal marketing, promoting their own products in and outside the app and serving ads from third parties that pay for the service. Practices like these, which become commonplace over time and discreetly push boundaries, are the cause for concern among mobile app users.
While many of these apps are built by trusted organizations that are not likely to use personal data for malicious purposes apart from internal marketing, the risk of misuse by those that aren’t calls for lawmakers, app stores, and app developers to be strict about data privacy and compliance with privacy regulations.
Data Privacy Regulations in Malaysia
What data legislation do Malaysian app developers abide by to protect mobile app users and app owners? The Personal Data Protection Act (PDPA) was introduced and put into effect in Malaysia on 15th November 2013, establishing a framework for safeguarding personal user data across sectors.
Anyone who collects and processes personal data in the context of business transactions is obligated to abide by these seven core principles:
App owners cannot obtain and use personal data unless the user has granted their written consent. Personal data can only be processed when it is done for lawful purposes and directly related to the functionalities of the application, only requiring the necessary data.
2. Notice and choice
App owners must inform app users about how their personal data will be used before the users are asked to give consent.
App owners are not allowed to disclose or share (with third parties) any of the user’s personal data for purposes outside of the ones stated within the terms and conditions.
Personal data can only be kept for as long as necessary. App owners must permanently erase any personal data that is no longer needed for an app’s functionalities.
App users have the right to access and amend their personal data if it is incomplete, misleading, inaccurate, or outdated. App owners are also entitled to refuse the corrections if the corrections are not agreed upon.
7. Data integrity
App owners must ensure that all the personal data collected is accurate, complete, recent, and not misleading. When additional information is required, app owners must inform the user before acquiring it.
What You Can Do to Protect Your Users
A lack of data privacy and compliance hurts both the user and the business owner. When a data breach happens, the user suffers the risks of identity theft, financial theft, and general safety threats, while the business suffers financial losses, operational downtime, reputational damage, and legal action.
Non-compliance with data privacy is not worth the risk for any party involved. With that being said, here’s a breakdown of what you should do and why:
1. Let your users know how they’re protected
Beyond compliance with Malaysian privacy laws, security concerns call for transparency between the user and the developer in order to build trust. Users don’t want ambiguity when it comes to the collection of personal data. They want to know the what, why, when, where, and how of what you’re doing with their personal information.
- What personal data is being collected
- Why their personal data is collected
- Where their personal data gets transferred
- How their personal data is collected
- How their personal data is securely stored
- Any third parties involved in the app
2. Leverage cloud security
Although nothing is 100% immune to ever-evolving security threats, cloud integration offers many benefits that dampen concerns about data privacy. Businesses that are protected by cloud-based systems are able to offer their users increased security and boost their teams’ productivity.
What does the cloud do for data privacy? Cloud security centralizes protection by allowing businesses to manage all their devices and endpoints from one place. This enhances and eases many business processes, including traffic analysis, web filtering, network event monitoring, and even disaster recovery plans.
Top cloud service providers you can trust:
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform
- IBM Cloud Services
- Adobe Creative Cloud
Securing Data With Cloud Integration at Snappymob
If you’re looking for app developers in Malaysia who know their way around data privacy, you’re in the right place. Cloud managed services are the best tools for securing data, and Snappymob takes security to heart.
As an AWS Select Partner, our mobile app developers are well versed in building cloud-based systems that are protected with AWS encryption methods, HTTPS, and cloud-oriented solution design, development, integration, deployment and management.