Many mobile apps need to collect personal data in order to function. Others rely on this personal data to keep their apps free and create a revenue stream. But collecting personal data can open mobile app companies up to potential lawsuits if it is mishandled.
When it comes to privacy policies for mobile apps, there are five basic guidelines developers should follow in order to reduce their risk of lawsuits and minimize their liability insurance coverage premiums:
- Privacy policies need to be easy to understand
- Privacy policies must be conspicuously posted
- Users should agree to the policy before using the app
- ‘Do Not Track’ options should be clearly defined
If an app collects certain types of data such as web browsing or location data, there may be additional requirements that developers must comply with. Most notably, developers must disclose if third parties may collect data, offer the ability for users to request not to be tracked, and disclose how they handle ‘Do Not Track’ requests.
If a mobile app makes changes to the data being collected, what it is being used for, or who it is being shared with, notifying users of the changes and requiring they agree to the new terms reduces liability exposure.
While the guidelines above provide a good place to start, there may be other technical requirements, so it is important to know the laws. In the U.S., the predominant law is the California Online Privacy Protection Act (CalOPPA), which applies to any apps that can be downloaded in California. A more thorough discussion of the CalOPPA requirements can be found here.
Mobile apps that collect data for students or children under the age of 13 may be subject to additional requirements under the Student Online Protection Act (SOPIPA) and the Children’s Online Privacy Protection Act (COPPA). Under COPPA, only certain information is allowed to be collected, and apps must have a reliable means of verifying parental consent.
For developers providing their apps outside the U.S., this can mean additional regulations to follow and added liability. Europe has some of the strongest privacy protection laws, known as the EU General Data Protection Regulation (GDPR), but companies need to make sure they are complying with the laws in the countries where their app is being used.
Privacy Policies and Liability Insurance
Carrying liability insurance to protect against privacy violations is a smart investment for mobile app developers. But creating a personalized policy for a developer means calculating the risks and exposure they may have - and that requires technical expertise. Small differences in language or in how privacy policies are handled can make a big difference in the amount of exposure, which is why it is so important for insurance brokers to work with an underwriter like Admiral Insurance Group.
If you are an insurance wholesaler looking for an underwriter, contact us about becoming a wholesale partner. If you are a retail broker with mobile app, software and other related technology clients, locate a wholesale broker to offer your clients personalized E&O and liability insurance policies underwritten by Admiral.
Products and services described above are provided through various surplus lines insurance company subsidiaries of W. R. Berkley Corporation and offered through licensed surplus lines brokers. Not all products and services may be available in all jurisdictions, and the coverage provided by any insurer is subject to the actual terms and conditions of the policies issued. Surplus lines insurance carriers do not generally participate in state guaranty funds and insureds are therefore not protected by such funds.