Privacy and data security are important topics. No one wants to find their private photos on any websites or know their company secrets in the hands of the competition. Knowing your way around protects against fraud and prevents financial as well as personal damage.
What is the Difference between Privacy and Data Security?
Data protection is a right that every citizen has. It guarantees according to the Federal Commissioner for Data Protection and Information Security (BfDI): "Every citizen protection against improper data processing, the right to informational self-determination and the protection of privacy." The focus is thus on personal data.
What is and is not permitted under data protection law is regulated by the German Federal Data Protection Act (BDSG) and the data protection laws of the German states.
Data security is neither a right nor a law. Data security includes measures to protect data against manipulation, loss, unauthorized access by third parties or other threats. All data is affected, regardless of whether it has a personal reference or not. Inadequate data security can become a problem for companies and private individuals alike. Namely, if this results in data loss or even if company secrets are stolen.
Concepts for Data Protection and data Security
Fortunately, there are concepts to protect data. A distinction is made between data protection and data security concepts.
A data protection concept relates to both digital and analog personal data. It describes and assesses the information required under data protection law for the collection, use and processing of personal data. In other words, it establishes who has access to certain personal data, how, for what reason and to what extent.
A data security concept, on the other hand, is a mixture of a data protection concept and an IT security concept with the maturity level. It concerns all private data or all data of a company - whether analog or digital, whether personal or not. It is intended to prevent unauthorized persons from accessing data in any form. The right cybersecurity framework is a great help here.
To check the security of such a concept, Penetration Testing is used. It reveals vulnerabilities and gaps in digital data protection, which then need to be closed.
Privacy and data security in apps in general
Apps must also provide data protection and announce data processing with a statement that users must first confirm. The Telemedia Act (TMG) and the German Federal Data Protection Act (BDSG) provide the framework for such privacy statements in apps.
- Disclosure of the reason for the data collection, storage and/ or processing.
- Information about the type of data collected by the app. This includes metadata, content data, and personal data.
- Information about the duration of storage.
- Which third parties are authorized to access.
- An instruction for the purpose of the right of access, revocation and deletion of data.
- The naming of the responsible body, including contact options.
Previous Data Protection in the Apple App Store and Google Playstore
Apple and the App Store
Privacy is now a big priority for Apple. In its view for "app privacy", the Apple Store already allows a look at the privacy information of the app before downloading. This means that the user can get an overview of what data the app is interested in before downloading. The privacy information is divided into three areas:
- Data for tracking the person using the app. .
- Data directly linked to the user.
- Non-linked data.
Tracking data is the data that is generated when a user views web pages. The app or its operator uses this data to create a tracking profile. This is used by third parties to display advertising tailored to the user.
Android and the Google Play Store
On Android, privacy is to be strengthened: So the Google Play Store for Android wants to follow suit and offer a similar format to Apple by Q2 2022. In the future, users should also know in the Play Store before downloading which data the selected app wants to collect. The development will take place step by step.
Initially - that is, by Q4 2021 - all app developers will have to specify which types of data they store and how. This includes location, contacts, personal information, photos and videos, audio and storage files. In addition, by that date, vendors should provide all information about how they use that data. That is, whether it is necessary for app functionality and/or personalization, for example.
From the 1st quarter of 2022, this and other information about an app should then be available in the Play Store. Similar to Apple with its privacy label. From Q2 2022, the information should then be mandatory for all apps.
New for Data Protection and Data Security in the App Store: Mandatory Account Deletion
The mandatory account deletion is completely new: If users are requested to set up an account for an app, it must also be possible to delete it. More precisely, providers must ensure that they can delete the account from within the app.
This development is long overdue. Especially when you consider that deleting an app does not necessarily mean the account disappears.
After all, without deleting the account, the connection to the app-developing company can continue even without using the app. However, without having access to the own account and thus to the own data.
Consumers in mind - the App Store Guidelines could be a pioneer here again
The new regulations make things easier for consumers with regard to app use. It is also desirable that the Google Play Store and other app stores follow suit soon.
The innovation could also be a model for other areas of digital data protection. When it comes to data protection in the cloud, there is often similar uncertainty as with the powers of apps. Users are often unaware of their own responsibility in cloud use. Clear information such as that provided for "app data protection" in the App Store would be a good service here.
Conclusion - The New App Store Guidelines are a Win for all App Users
The new App Store Guidelines have the consumer in mind: They make it easier for them to maintain control over their data. This is a positive development that will hopefully rub off on other areas of the digital world in the coming years. This would be immensely beneficial for more security, transparency, and thus user satisfaction.