{"id":20854328,"url":"https://github.com/kasnder/gdpr4devs","last_synced_at":"2025-10-14T12:04:07.237Z","repository":{"id":44336234,"uuid":"230944936","full_name":"kasnder/gdpr4devs","owner":"kasnder","description":"This is the first ever comprehensive AND concise guide to GDPR for app developers.","archived":false,"fork":false,"pushed_at":"2023-09-18T09:40:39.000Z","size":1735,"stargazers_count":9,"open_issues_count":3,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-05-06T10:14:22.827Z","etag":null,"topics":["android","apps","developers","gdpr","guidelines","ios","privacy-enhacing-document"],"latest_commit_sha":null,"homepage":"https://kasnder.github.io/gdpr4devs/","language":"TeX","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc-by-sa-4.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kasnder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-12-30T16:15:52.000Z","updated_at":"2023-09-08T18:01:46.000Z","dependencies_parsed_at":"2024-11-18T09:10:27.815Z","dependency_job_id":null,"html_url":"https://github.com/kasnder/gdpr4devs","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kasnder%2Fgdpr4devs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kasnder%2Fgdpr4devs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kasnder%2Fgdpr4devs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kasnder%2Fgdpr4devs/manifests","owner_url":"ht
tps://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kasnder","download_url":"https://codeload.github.com/kasnder/gdpr4devs/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253682326,"owners_count":21946915,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","apps","developers","gdpr","guidelines","ios","privacy-enhacing-document"],"created_at":"2024-11-18T03:25:21.397Z","updated_at":"2025-10-14T12:04:02.176Z","avatar_url":"https://github.com/kasnder.png","language":"TeX","funding_links":[],"categories":[],"sub_categories":[],"readme":"# An App Developer's Guide to GDPR\n\nMy MSc thesis in Computer Science, supervised by Max van Kleek (University of Oxford), analysed a large range of documents that an app\ndeveloper must consider for data protection under GDPR.\nThis analysis resulted in a set of developer guidelines.\n\nThese guidelines are shared, in the hope that some app developers might find them useful.\nInstead of providing a lengthy legal document, these guidelines represent the *personal view of an app developer*.\nThey are by no means exhaustive, complete, nor proven in court.\nPlease don't sue me.\n\n## Download\n\n**Download the guidelines [as pdf](https://kasnder.github.io/gdpr4devs/guidelines.pdf) or visit [the website](https://kasnder.github.io/gdpr4devs/).**\n\n\nThe guidelines comprise 2 pages, and an appendix on third-party services.\n\n## Self-Certification\n\nTo signify compliance with these guidelines, an app developer may use the [provided 
logo](https://github.com/kasnder/app-dev-privacy-guidelines/blob/master/certification/certificate.png).\n\n\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"Certificate\" src=\"certification/certificate.png\" style=\"display: block; margin: 0 auto;\" height=\"100%\" width=\"200\" \u003e\n\u003c/p\u003e\n\n## Methodology\n\nThe developer guidelines shall cover the fundamentals of GDPR. These are 1) the key concepts, 2)\nuser rights, and 3) principles and obligations.\n\nIn addition, the\nspecific data protection requirements of the most popular third-party services shall be included.\n\nLegal terminology shall be avoided, to make\nthe guidelines understandable without expert knowledge.\n\n### Key concepts\n\nThe app developer shall be made aware of what GDPR protects, that is,\n*personal data*. Personal data is relevant for the developer, who is\nresponsible for its protection as the *data controller*.\n\nThere has been\nmuch public attention on the *high penalties* introduced by GDPR. The\nrisk of such penalties is low if the developer follows a *risk-based\napproach* to data protection, as advocated by GDPR.\n\n### User rights\n\nNot all developers will be aware of the profound rights that GDPR\ngrants to users.\nThese shall be mentioned.\n\n### Principles and obligations\n\nThe rest of the document shall cover the seven principles of GDPR that\nthe developer must follow as data controller:\n\n-   Lawfulness, fairness and transparency,\n-   Purpose limitation,\n-   Data minimisation,\n-   Accuracy,\n-   Storage limitation,\n-   Security, and\n-   Accountability.\n\nTo cover the first principle, “lawfulness, fairness and transparency”,\nthe most important step is the provision of an adequate *privacy\npolicy*. 
There exist rich online resources, which shall be mentioned.\n\nFor simplicity, the principles “purpose limitation”, “data\nminimisation”, “accuracy”, and “storage limitation” shall be summarised\nas *reasonable data collection*.\nThe term “reasonable” is similarly used\nin the GDPR and occurs widely across the GDPR document, 52 times.\n\nRegarding data collection, the further provisions of the platform\nproviders, Apple and Google, shall be added.\n\nThe remaining principles of “security” and “accountability” shall be\nmentioned.\nRegarding security, Apple and Google provide support\ndocuments that shall be linked.\n\n## References\n- European Parliament and Council: \"Regulation 2016/679 (General Data Protection Regulation)\"\n- European Parliament and Council: \"Directive 2002/58/EC (Directive on privacy and electronic communications)\"\n- Article 29 Data Protection Working Party: \"Opinion 02/2013 on apps on smart devices\"\n- Google LLC: \"Google Play Developer Distribution Agreement\" (version 15 April 2019)\n- Google LLC: \"Google Play Developer Program Policies\" (accessed 20 June 2019)\n- Apple Inc: \"Apple Developer Program License Agreement\" (accessed 20 June 2019)\n- Apple Inc: \"App Store Review Guidelines\" (version 3 June 2019)\n- The documentation of the top 18 third-party services in apps, from 10 different companies.\n\n## License\n\n\u003cp align=\"center\"\u003e\n  \u003ca rel=\"license\" href=\"http://creativecommons.org/licenses/by-sa/4.0/\"\u003e\u003cimg alt=\"Creative Commons Licence\" style=\"border-width:0\" src=\"https://i.creativecommons.org/l/by-sa/4.0/88x31.png\" /\u003e\u003c/a\u003e\u003cbr /\u003eThis work is licensed under a \u003ca rel=\"license\" href=\"http://creativecommons.org/licenses/by-sa/4.0/\"\u003eCreative Commons Attribution-ShareAlike 4.0 International 
License\u003c/a\u003e.\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkasnder%2Fgdpr4devs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkasnder%2Fgdpr4devs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkasnder%2Fgdpr4devs/lists"}