Victorian govt mobile apps lack privacy policy

The Victorian Privacy Commissioner has raised concerns about the state government’s approach to privacy after a sweep of government-developed mobile applications found little offered a privacy policy to users.

The Victorian Privacy Office participated in the Global Privacy Enforcement Network (‘GPEN’) Privacy Sweep of mobile applications in May this year, a movement designed to examine issues such as privacy protections raised by the use of mobile apps.

It looked at whether consumers were being clearly informed about the type of personal data an app stores and uses and why it does so, and whether data was being collected beyond necessary for the application’s function.

Privacy Victoria used the sweep as an “early introduction” to the state’s new privacy by design approach, which was announced in May and was implemented as of July 1. 

The approach ‘embeds privacy into IT, business practices and networked infrastructure right from the outset’ in order to address the ‘ever-growing and systemic effects’ of large-scale networked data systems, and ensure that privacy is not a trade-off with the adoption of new technologies.

“New communication channels lend themselves to privacy by design, and agencies are encouraged to familiarise themselves with the relevant principles and materials," the Office said.

Privacy Victoria audited 64 mobile applications developed by organisations within Victoria’s public sector and found most of those surveyed had either no privacy policy or they referenced a generic privacy policy suited to a website rather than an application.

It similarly found state government agencies were opting for iOS-based applications over the Android platform, limiting “the extent of citizen engagement”. Around 94 percent of the surveyed apps catered to Apple devices compared to 62 percent for Android.

“The implementation of digital and mobile channels is a relatively new direction for public sector agencies, and the emphasis on mobile apps is now at the forefront," the Office said in its report.

“However, the proliferation of mobile apps should not have negative privacy implications for Victorians."

The privacy body will produce guidance to mobile applications towards the end of the year.

It did highlight a number of good practice findings as a result of the sweep - namely users being required to accept a privacy statement after downloading an app in order to use it; child-focused apps requiring parents to complete a consent form before the child can use it; and a ‘report anonymously’ option integrated within crime reporting apps.