Our 4 User Privacy Best Practices

18 April 2019


In his 3,200-word missive opinion piece, Mark Zuckerberg’s exposed his vision of Facebook’s future. He explained how the company will increasingly shift away from public posts to encrypted, ephemeral communications on its trio of messaging apps. According to the head of the world’s biggest social network, there is a large opportunity for a “simpler platform that’s focused on privacy first”. This statement shows how privacy has become a major concern, for consumers, corporations, but also for public institutions with the adoption of GDPR in Europe and CCPA in North America.

We evolve in a world where flows of communication and information are getting more intense every day. In order to keep pace, companies have to adapt better to their customer needs and deliver personalized information and services. Users expect smart applications that understand their behavior, anticipate their needs, and offer relevant experiences. Today, the challenge lies in delivering the right service and the right information at the right moment, while respecting user privacy. Since GDPR launched in May 2018 — and in anticipation of CCPA becoming law in January 2020 — companies are finally encouraged to take more actions in order to protect their users’ personal data.

At Connecthings, we believe that privacy should be top-of-mind or both companies and consumers. We make a point of keeping personal data safe and respecting user privacy and have always stood for protecting users’ data, even before GDPR existed. Here is a list of best practices about data privacy that we share and implement with our mobile app clients:

Transparency. Mobile apps have to be fully transparent about what they do with the data they collect. Terms and conditions should always be up-to-date and clearly explain — in simple language that consumers can understand — the application of GDPR norms. They have to mention the way they secure the data — using encryption, pseudonymization and information access control; if they share any data with third-parties or other companies for commercial purposes, they have to mention which data the third-party is going to collect; if they don’t, they have to state it; and they have to explain how they store personal data in a secured manner and for a period of time no longer than is strictly required for the purpose of which it is processed.

Full and clear consent. An opt-in request allowing personal data collection is necessary at the first use of the application. It has to mention which data the app is going to collect and for what purpose; if a third-party or a partner is involved, they have to explain which data they are going to collect as well and the way they are going to use it.

Precise documentation. Apps should track and document the opt-in and opt-out user history following the opt-in date, the way it was obtained, the type of personal data collected, and the opt-out date if it is the case.

Giving back control over the data. Our solution provides dedicated web services to mobile apps so that their end users can consult or delete the personal data collected through the application. With this service, users have the power to control their personal data.

There are opportunities for more privacy in the tech field, but most mobile apps are currently in breach of GDPR requirements when it comes to personal data collection, storage, and processing, mainly due to a lack of time, resources or awareness. Our recent partnership with the next-generation privacy solutions platform Didomi illustrates our goal to offer apps accessible tools and solutions so that they can be compliant with GDPR new standards.

Pascal Ehrsam

« Back to news