Teaming up with... AVIVA

Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

We hope you find the Updates useful. If you are interested in subscribing to our affordable ABC compliance support package, please email us at ABC@ukgigroup.com or call UKGI on our dedicated ABC contact line 01925 767893.

ICO publishes webpage regarding Privacy Notices

Link(s):
Do I really need to read the privacy notice? | ICO
ICO urges all app developers to prioritise privacy | ICO

Context

The ICO published a webpage in February 2024 reminding all app developers to ensure they protect users’ privacy, following the regulator’s review of period and fertility apps. While no serious compliance issues or evidence of harms were identified in this review, the ICO wanted to remind all app developers about the importance of protecting users’ personal information, especially where sensitive information is involved.

The ICO have published a series of short videos for people using apps, including period and fertility apps.

Key points to note and next actions

The ICO gives four practical tips to help app developers comply with their data protection obligations and maintain the privacy of their users:

  • Be transparent – Developers need to ensure their apps are transparent about how they use people’s personal information. ‘Privacy information’ must be concise, clear and easily accessible.
  • Obtain valid consent – App developers must ensure they have the right consent to use people’s personal information. Data protection law sets a high standard for consent, which must be explicit, unambiguous and involve a clear action to opt in. Apps must not use pre-ticked boxes or any default method for consent, and it needs to be easy for people to withdraw their consent at any time.
  • Establish the correct lawful basis – Data protection law requires that you must have a valid lawful basis in order to process personal data, such as consent, contract or legitimate interests.
  • Be accountable – Those developing apps must be accountable for the personal information they hold. If you are determining the purpose and means of processing data, you are the data controller. The data controller is responsible for complying with data protection law and must take appropriate measures to ensure any processing of data is lawful.