
In New Zealand, any organisation that handles personal information, such as email or IP addresses, must abide by privacy law. This is relevant across all aspects of your business, particularly when operating digitally. There are privacy obligations if you develop an app for your business. This is because when you develop an app, you will likely collect personal information from those who download it. Customers may not be aware of just how much of their information apps may use, and you need to ensure you are transparent about such privacy concerns. Otherwise, you may face repercussions in the future for not observing app privacy obligations. For some guidance, this article will provide five tips for app developers in New Zealand.

1. Follow a Clear and Accessible Privacy Policy

When you take in personal information from your users/customers, you need to fully disclose how you collect, secure, disclose, and use that information. One place where you can provide this explanation is in a privacy policy. You should detail:

  • what information you collect, and why;
  • how you will use their information;
  • who you share their personal information with;
  • whether any laws apply to this process;
  • whether they have a choice in providing you with their personal information;
  • what happens if they refuse to give you information;
  • their legal right to access and correct any of their information that you hold;
  • your security measures for protecting their information; and
  • how they can contact you.

Both the Google Play Store and the Apple App Store require that apps on their sites have a privacy policy, and users will expect one. Make sure it is easily accessible and straightforward to understand. 

2. Conduct a Privacy Impact Assessment Early On

A privacy impact assessment (PIA) is an analytical tool that identifies the privacy effects of a new project. Ideally, you should conduct a PIA in the early stages of development before building the app itself. This way, app privacy obligations are front of mind during development.

With a PIA, you can identify privacy risks across all stages of the app development, from the coding to any marketing you will do. It will be more challenging to go back and mitigate privacy risks after you have developed the app than to build in privacy protections along the way. Update your PIA as you go, and continue evaluating privacy risks after app launch. Your privacy officer can help identify what these risks may be.

3. Build Security Into Your App

Apps deal with a lot of information, ranging in sensitivity according to your app’s function. Such data may include:

  • device make and software;
  • location data;
  • photos and tagging identification;
  • customer credit card details;
  • IP addresses;
  • intellectual property; and
  • other personally identifiable information.

Not only do app privacy obligations require that you keep your users’ personal information secure, but you will also face heavy reputational penalties if your app suffers from a data breach. Encrypt your source code and all data that users will transmit over a connection. Keep your security techniques up to date as technology develops. Consider providing two-factor authentication if users log in to your app using a username and password.

For example, when users sign up to use your app, send a verification link to the email they provided for added security.

Be sure to test your security systems regularly to determine their strength against data breaches such as malware or denial of service attacks.

4. Be Transparent About Who You Share Data With

There is a presumption under New Zealand privacy law that you should not share any personal information you hold. However, you can do so when:

  • that was the purpose you collected the information for;
  • another law requires it; or
  • you have user consent to share their data.

Your business must ensure that users know who you share their data with at the time of collection. You can outline this in your privacy policy or privacy statement. Be transparent about this with your users, and get their consent when you need it. You also need to observe the legal requirements when sharing personal information overseas.

For example, you may share users’ personal information with a third party service for personalised advertising in your app. This is fine, as long as your users know about this when you collect that data.

5. Minimise Personal Information Storage

When you collect information from your users through your app, you may store that information on your cloud-based servers. Only take in the information you need, to:

  • minimise the amount you need to store;
  • comply with your legal requirements under the Privacy Act; and
  • limit information lost in a data breach.

Your app will ask for a variety of permissions when users download it. Think about what it really needs access to, and rely on the minimum you need for functioning. For example, your app may not need access to a user’s contacts to provide its service.

Key Takeaways

The market for app development in New Zealand is continuing to grow, and you may consider this avenue for your business. However, you need to ensure that your app complies with New Zealand privacy law and protects your users’ personal information. If you would like more information or help with your app’s privacy, contact LegalVision’s data, privacy, and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What Is Personal Information?

Personal information is any data about an identifiable individual. This means the data can identify a living person, whether by itself or in combination with another piece of information. This includes names, photos, or IP addresses.

Does My App Need a Privacy Policy?

Your app will need a privacy policy for a variety of reasons. If you want to market your app on the Google Play Store or the Apple Store, both companies require that you have a privacy policy. You should also use a privacy policy to comply with legal requirements.

What Is a Data Breach?

A data breach occurs when something compromises your business’ sensitive information, such as personal information. This means that an unauthorised third party (or the public) has access to it, or something is preventing you from accessing it yourself.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
