Well, this isn’t necessarily the most glamorous area of the law, but it is very important to get it right – otherwise, your app is exposing you to potential liability.
Data Controllers
Apps which use geo-locational data obtained via Wi-Fi, GPS and mobile phone base stations, (separately or in tandem) have the capabilities to provide very accurate data on a smart mobile device user.
The user may not even know their location is being processed. As such, relevant law and industry codes of practice aim to protect users from potential abuses of their privacy in the app ecosystem.
The law puts in place a number of measures which anyone who uses personal data must abide by.
Those who use such data to provide their services get the awesome moniker of ‘Data Controllers’ for the purposes of that law. Data Controllers are legally responsible when they process data from and about users.
Consent
Before location data is collected a user must give their consent.
This means that the developer (as they generally have access to and use of the personal data – for other related parties which may use the personal data the same standards apply) must ensure that the user is aware of how their data will be used and when it is being used.
The consent that the user gives must be limited to the specific activity of the app for which they have consented to.
Your app cannot ask for permission for providing mapping services, but then use the locational data of the user for another purpose (such as selling onto a 3rd party marketing service after tracking a user’s movements).
Opting-out and privacy policy
The user should have the opportunity to opt out at any time they wish.
The app should also have an easy to comprehend privacy policy which gives further details about the personal data being collected and used as well as the rights that the user has in relation to that.
For practical help in drafting a privacy policy check out the privacy notices page on the website of the relevant UK regulator, the ICO.