Data privacy is a major topic of discussion around mobile apps today, and for good reason. Where do app developers draw the line between the need for personalization and the need to protect data privacy? What are the privacy laws and regulations that exist to darken that line?
Personalization is one of the things that sets an app apart from another. Without it, we wouldn’t be able to receive tailored recommendations on our favorite apps. Our experiences on apps like Netflix, Spotify, TikTok, and even Grab would be cold, colorless, and impersonal if not for personalization. But creating such experiences comes with a cost — the need to collect personal data.
The collection of personal data isn’t malicious per se, and personalization isn’t the only good product of personal data collection. Access to personal information like names and addresses allows apps to deliver many useful services that we use today — food delivery, ticket bookings, contactless payments, and more.
So when does the collection of personal data become a concern, and how are Malaysian laws and regulations protecting our developers and users?
Why Data Privacy Matters in App Design and Development
A user’s personal data includes their contact details, login credentials, photos, biometric data, financial information, location, IP address and other information that can help identify a user. Users are apprehensive about personal data collection because they fear being spied on through these forms of personal information, and because of the risk that personal data will be collected, leaked, and sold to third parties without consent.
According to a study conducted by pCloud, 80% of apps use collected personal data for internal marketing, promoting their own products in and outside the app and serving ads from third parties that pay for the service. As practices like these become commonplace over time and discreetly push boundaries, they give mobile app users cause for concern.
Trustworthy organizations create many apps that use personal data only for internal marketing and don’t misuse it. However, the risk of misuse by untrustworthy entities calls for strict data privacy regulations. Lawmakers, app stores, and developers should comply with these regulations.
Data Privacy Regulations in Malaysia
What data legislation do Malaysian app developers abide by to protect mobile app users and app owners? Malaysia introduced and put into effect the Personal Data Protection Act (PDPA) on 15th November 2013 to establish a framework for safeguarding personal user data across sectors.
These seven core principles apply to anyone who collects and processes personal data in the context of business transactions:
1. General
App owners cannot obtain and use personal data unless the user has granted their written consent. The application can only handle personal data that is necessary for lawful purposes and directly related to the application’s functionality.
2. Notice and choice
App owners must disclose personal data use before obtaining consent from users.
3. Disclosure
The app owners cannot disclose or share any user’s personal data with third parties for purposes outside of the terms and conditions.
4. Security
App owners are to take specific steps to protect personal user data against abuse, accidental or unauthorized disclosure, destruction or loss. User-accessible privacy policies must document these processes.
5. Retention
App owners must ensure that personal data is kept only for as long as necessary, and must permanently erase any personal data that is no longer needed for an app’s functionalities.
6. Access
App users have the right to access and amend their personal data if it is incomplete, misleading, inaccurate, or outdated. App owners can also refuse corrections if they do not agree to them.
7. Data integrity
App owners must ensure that all the personal data collected is accurate, complete, recent, and not misleading. Of course, app owners must notify users before collecting extra data.
What You Can Do to Protect Your Users
Both the user and the business owner lose when there isn’t enough data privacy and compliance. When a data breach happens, not only does it put the user at risk of identity theft, financial theft, and other threats to their safety, but it also puts the business at risk of financial losses, operational downtime, damage to its reputation, and legal action.
No party should risk data privacy violations. That said, here’s a breakdown of how and why you should protect your users’ data:
1. Let your users know how they’re protected
Apart from simply abiding by the Malaysian privacy laws, security concerns call for transparency between the user and the developer, in order to build trust. Users don’t want ambiguity when it comes to the collection of personal data. They want to know the what, why, when, where, and how of what you’re doing with their personal information.
Digital products meet this criterion through security gates like access permission pop-ups, Privacy Policies, and Terms & Conditions. Before a user uses an app that collects personal data, these checkpoints are necessary for compliance to inform the user about:
- What personal data is being collected
- Why their personal data is collected
- Where their personal data gets transferred
- How their personal data is collected
- How their personal data is securely stored
- Any third parties involved in the app
2. Leverage cloud security
Although nothing is 100% immune to ever-evolving security threats, cloud integration offers many benefits that dampen concerns about data privacy. Cloud-based systems offer increased security and boosted productivity for teams, providing protection for businesses and their users.
What does the cloud do for data privacy? Cloud security centralizes protection by allowing businesses to manage all their devices and endpoints centrally. This enhances and eases many business processes including traffic analysis, web filtering, network event monitoring, and even disaster recovery plans.
Top cloud service providers you can trust:
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform
- IBM Cloud Services
- Adobe Creative Cloud
Securing Data With Cloud Integration at Snappymob
If you’re looking for app developers in Malaysia who know their way around data privacy, you’re in the right place. Cloud managed services are the best tools for securing data, and Snappymob takes security to heart.
As an AWS Select Partner, our cloud-savvy mobile app developers use AWS encryption technologies, HTTPS, and cloud-oriented solution design, development, integration, deployment, and management.