https://github.com/kasnder/gdpr4devs

This is the first ever comprehensive AND concise guide to GDPR for app developers.

# An App Developer's Guide to GDPR

My MSc thesis in Computer Science, supervised by Max van Kleek (University of Oxford), analysed a large range of documents that an app
developer must consider for data protection under GDPR.
This analysis resulted in a set of developer guidelines.

These guidelines are shared in the hope that some app developers might find them useful.
Instead of providing a lengthy legal document, these guidelines represent the *personal view of an app developer*.
They are by no means exhaustive, complete, nor proven in court.
Please don't sue me.

## Download

**Download the guidelines [as pdf](https://kasnder.github.io/gdpr4devs/guidelines.pdf) or visit [the website](https://kasnder.github.io/gdpr4devs/).**

The guidelines comprise 2 pages, and an appendix on third-party services.

## Self-Certification

To signify compliance with these guidelines, an app developer may use the [provided logo](https://github.com/kasnder/app-dev-privacy-guidelines/blob/master/certification/certificate.png).

Certificate

## Methodology

The developer guidelines shall cover the fundamentals of GDPR: 1) the key concepts, 2)
user rights, and 3) principles and obligations.

In addition, the
specific data protection requirements of the most popular third-party services shall be included.

Legal terminology shall be avoided to make
the guidelines understandable without expert knowledge.

### Key concepts

The app developer shall be made aware of what GDPR protects, that is,
*personal data*. Personal data is relevant to the developer, who is
responsible for its protection as the *data controller*.

There has been
much public attention on the *high penalties* introduced by GDPR. The
risk of such penalties is low if the developer follows a *risk-based
approach* to data protection, as advocated by GDPR.

### User rights

Not all developers will be aware of the profound rights that GDPR
grants to users.
These shall be mentioned.

### Principles and obligations

The rest of the document shall cover the seven principles of GDPR that
the developer must follow as data controller:

- Lawfulness, fairness and transparency,
- Purpose limitation,
- Data minimisation,
- Accuracy,
- Storage limitation,
- Security, and
- Accountability.

To cover the first principle, “lawfulness, fairness and transparency”,
the most important step is the provision of an adequate *privacy
policy*. Rich online resources exist for this, and they shall be mentioned.

For simplicity, the principles “purpose limitation”, “data
minimisation”, “accuracy”, and “storage limitation” shall be summarised
as *reasonable data collection*.
The term “reasonable” is used in a similar sense
in the GDPR and occurs widely across the GDPR document, 52 times.

Regarding data collection, the further provisions of the platform
providers, Apple and Google, shall be added.

The remaining principles of “security” and “accountability” shall be
mentioned.
Regarding security, Apple and Google provide support
documents that shall be linked.

## References
- European Parliament and Council: "Regulation 2016/679 (General Data Protection Regulation)"
- European Parliament and Council: "Directive 2002/58/EC (Directive on privacy and electronic communications)"
- Article 29 Data Protection Working Party: "Opinion 02/2013 on apps on smart devices"
- Google LLC: "Google Play Developer Distribution Agreement" (version 15 April 2019)
- Google LLC: "Google Play Developer Program Policies" (accessed 20 June 2019)
- Apple Inc: "Apple Developer Program License Agreement" (accessed 20 June 2019)
- Apple Inc: "App Store Review Guidelines" (version 3 June 2019)
- The documentation of the top 18 third-party services in apps, from 10 different companies.

## License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.