Privacy Policy Best Practices for Mobile Apps: Minimizing Liability Exposure

Many mobile apps need to collect personal data in order to function. Others rely on this personal data to keep their apps free and create a revenue stream. But collecting personal data can open mobile app companies up to potential lawsuits if it is mishandled.

In order to minimize this liability, mobile app companies need to make sure they are in compliance with relevant laws. As insurance brokers and underwriters, we can help mobile app companies understand how these laws apply to them, and what they need to do in order to follow privacy policy best practices. 


Privacy Policy Best Practices

When it comes to privacy policies for mobile apps, there are five basic guidelines developers should follow in order to reduce their risk of lawsuits and minimize their liability insurance premiums:


  1. Privacy policies need to be easy to understand

When creating a privacy policy, a mobile app developer should use clear, concise language that tells consumers what information is being collected, what it is being used for, and who else it is being or may be shared with.


  2. Privacy policies must be conspicuously posted

Most app stores require developers to put a link to their privacy policy on the app’s page in their store, but even if they don’t, it is good practice to do so. The privacy policy should also be easily accessible from the app itself - usually under About, Help or Account Settings in the main menu, or in the footer of the main app screen. If there is a website associated with the app, it should be posted there as well.


  3. Users should agree to the policy before using the app

Requiring users to explicitly agree to the privacy policy before using the app is one of the best ways to reduce the risk of liability. Many apps accomplish this by having the privacy policy pop up the first time the app is opened, and requiring users to scroll to the bottom, check a box that says they have read and understand the policy, and tap a button indicating they agree to the terms of the policy.


  4. ‘Do Not Track’ options should be clearly defined

If an app collects certain types of data, such as web browsing or location data, there may be additional requirements that developers must comply with. Most notably, developers must disclose whether third parties may collect data, offer users the ability to request not to be tracked, and disclose how they handle ‘Do Not Track’ requests.


  5. Users should be notified of and agree to privacy policy changes

If a mobile app makes changes to the data being collected, what it is being used for, or who it is being shared with, notifying users of the changes and requiring that they agree to the new terms reduces liability exposure.


Privacy Policy Compliance

While the guidelines above provide a good place to start, there may be other technical requirements, so it is important to know the laws. In the U.S., the predominant law is the California Online Privacy Protection Act (CalOPPA), which applies to any app that can be downloaded in California. A more thorough discussion of the CalOPPA requirements can be found here.

Mobile apps that collect data for students or children under the age of 13 may be subject to additional requirements under the Student Online Protection Act (SOPIPA) and the Children’s Online Privacy Protection Act (COPPA). Under COPPA, only certain information is allowed to be collected, and apps must have a reliable means of verifying parental consent.

For developers providing their apps outside the U.S., this can mean additional regulations to follow and added liability. Europe has some of the strongest privacy protection laws, known as the EU General Data Protection Regulation (GDPR), but companies need to make sure they are complying with the laws in every country in which their app is used.


Privacy Policies and Liability Insurance

Carrying liability insurance to protect against privacy violations is a smart investment for mobile app developers. But creating a personalized policy for a developer means calculating the risks and exposure they may have - and that requires technical expertise. Small differences in language, or in how privacy policies are handled, can make a big difference in the amount of exposure, which is why it is so important for insurance brokers to work with an underwriter like Admiral Insurance Group.

If you are an insurance wholesaler looking for an underwriter, contact us about becoming a wholesale partner. If you are a retail broker with mobile app, software and other related technology clients, locate a wholesale broker to offer your clients personalized E&O and liability insurance policies underwritten by Admiral.


Products and services described above are provided through various surplus lines insurance company subsidiaries of W. R. Berkley Corporation and offered through licensed surplus lines brokers.  Not all products and services may be available in all jurisdictions, and the coverage provided by any insurer is subject to the actual terms and conditions of the policies issued.  Surplus lines insurance carriers do not generally participate in state guaranty funds and insureds are therefore not protected by such funds.


Written by Janna Davis

Janna Davis is a Senior Underwriter in the Professional Liability Department and has been with Admiral since 2010. With 17 years of experience in the insurance industry and 13 years specializing in PL insurance, Janna has taken on the roles of an agent, wholesale broker, and underwriter. She graduated from Troy University with a degree in Risk Management and Insurance. In her spare time, Janna enjoys helping others achieve their health and fitness goals as a CrossFit Level 1 Coach and Precision Nutrition Certified Coach.
