The UK’s new Code of Practice for App Store Operators and App Developers provides companies with privacy-related resources. It also highlights ICO privacy expectations. Participation in the code is voluntary, not mandatory: companies participate by complying with it. The UK Department for Digital, Culture, Media, and Sport, though, is not only working with leading companies to participate in the code, but is also looking at whether current laws should be expanded and/or whether code participation should become mandatory.
Compliance under the code follows an eight-step approach. The steps include keeping apps’ security controls updated, and the code outlines how companies should handle data breaches (referring developers to the ICO’s breach guidance).
Another step is providing privacy information to consumers in an “accessible” way. The privacy-related information companies should provide to consumers mirrors the requirements of UK GDPR. Among other things, the code specifically calls out explaining the analytics and marketing activities in which the company will engage.
Putting it into Practice: Companies launching an app in the UK market can look to the code for insight into applying UK GDPR to apps. Even if a company does not wish to attest to compliance at this time, the code is worth understanding to the extent participation in the code, or the code’s compliance approach, becomes law in the future.