Analysis Phase

Based on the plan you drafted in the preceding phase, consider whether data collection is needed at all, reconsider its necessity and alternative ways of fulfilling the purpose (for instance, identifying the app installation), and decide which measures you have to integrate into the processing of data, and how.

You should also take into account the difference between data accessed from the device (e.g. stored data or identifiers) and data generated by the user (e.g. input the user produces, but also logging information and metadata); see the previous section on primary and secondary data.

In order to follow the Privacy by Design principle (see Foundations), the collection and linkage of user data, and the way data connections are established, must be taken into consideration from the very beginning. For this we provide some good practices.

Device-specific information is sensitive

It must be taken into account that device-specific information is subject to a number of restrictions, since it is sensitive. This fact is widely neglected, which is why we list the most commonly used items:

  • Unique identifiers (UDID, IMEI, MAC addresses etc.) may only be obtained if necessary for the specific purpose and after an actively confirmed opt-in

  • Unique identifiers must not be used for individual user tracking

  • Tracking IDs (IDFA, AAID) should be avoided and, where necessary, be transmitted only in encrypted form

  • User-disabled tracking options must be respected

Access to device-specific information (e.g. UDID, IMEI, MAC addresses) MUST be obtained from the user via an opt-in and MAY only take place to the extent that is really required. Many app manufacturers claim that device IDs are "anonymized" by storing only their hash values. This is pseudonymization, not anonymization: the identifier space is small and structured, so a hash of a device ID can be matched back to the device by enumeration, and the hash itself remains a stable key that links all records from one device. There is therefore no reason why these IDs should be accessed in order to recognize users; a randomly generated per-installation identifier serves that purpose without touching device data.
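The following is an added example and not code from the guide or from any app it describes. It shows why an unkeyed hash of a device identifier is only a pseudonym: an IMEI consists of a public 8-digit TAC (the handset model), a 6-digit serial and a Luhn check digit, so once the TAC is known only a million candidates remain and the hash is inverted in seconds. The TAC and serial values below are constructed, and the `new_installation_id` function is the hypothetical alternative suggested above (a random per-installation token).

```python
"""Added example: hashing a device ID pseudonymizes, it does not anonymize.
All identifier values in this file are constructed for the demonstration."""
import hashlib
import secrets
from typing import Optional


def luhn_check_digit(body: str) -> int:
    """Return the Luhn check digit that completes a 14-digit IMEI body."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def imei_from_parts(tac: str, serial: int) -> str:
    """Assemble a syntactically valid IMEI: 8-digit TAC + 6-digit serial + check digit."""
    body = f"{tac}{serial:06d}"
    return body + str(luhn_check_digit(body))


def pseudonymize(imei: str) -> str:
    """The 'anonymization' many apps perform: an unkeyed SHA-256 of the identifier."""
    return hashlib.sha256(imei.encode()).hexdigest()


def recover_imei(digest: str, tac: str) -> Optional[str]:
    """Invert pseudonymize() by enumerating every serial behind a known TAC.

    The TAC identifies the handset model and is public, so an attacker who
    holds the hash only has to try the 10**6 serial numbers under it.
    """
    for serial in range(10**6):
        candidate = imei_from_parts(tac, serial)
        if pseudonymize(candidate) == digest:
            return candidate
    return None


def new_installation_id() -> str:
    """Hypothetical alternative when the app installation, not the device,
    must be recognized: a random token that is linked to nothing outside the
    app and can be regenerated or deleted on user demand."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    tac = "12345678"                                   # constructed TAC
    real_imei = imei_from_parts(tac, secrets.randbelow(10**6))
    digest = pseudonymize(real_imei)
    print("stored 'anonymous' hash:", digest)
    print("recovered IMEI:          ", recover_imei(digest, tac))
    print("per-install ID instead:  ", new_installation_id())
```

Running the script recovers the full IMEI from its hash every time; adding a secret key (HMAC) would stop the enumeration but still leave a stable per-device key, which is why the guide advises not collecting the identifier at all.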

Privacy Policy

The processing of personal data makes it necessary to define a privacy policy. Since the minimum requirements of the local data protection laws have to be fulfilled anyway, we suggest taking data protection seriously and going a step further in order to build attractive and competitive apps.

When we talk about personal data, keep in mind that a lot of data can be linked to individuals, especially in the field of mobile apps. That is why it is advisable to avoid the storage and processing of data wherever possible.

The definition of a privacy policy implies, but is not limited to:

  • Which types of personal data are accessed and why?

  • How will this data be used?

  • How will this data be stored?

  • Which third-parties will receive access to the data and under what conditions?

  • A statement that collected data will be protected from unauthorized access

  • Contact data of the responsible Data Protection Officer

  • A statement on how users can access their stored personal data

  • A statement on how users can initiate deletion of their personal data

  • Extended information about privacy policies etc. can be found at ENISA: [https://www.enisa.europa.eu/]

Is data leaving the main ecosystem?

Think about at which level your data is processed and transmitted.

  • Define the level of data leakage:

    • Is data leaving the "local boundary"?

    • Is data leaving the "ecosystem boundary"?

    • Is data leaving the "3rd party boundary"?

For the processing of data you need a proper contract establishing that you are entitled to do so. This is bound to a number of duties (cf. Article 28 GDPR).

You can find a template on the website of the Society for Data Protection and Data Security (GDD).

Which data needs which level of protection?

Special categories of data are placed under particular protection by law.

Special categories of personal data with stronger limitations

Special categories of personal data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health, and data concerning a natural person's sex life or sexual orientation (Art. 9 GDPR).

These data may generally only be processed where the data subject has given explicit consent for these very categories of information.

Extent of data used

Where the information on individuals used by the app is particularly comprehensive, exposing their conduct or characteristics, particular attention needs to be paid to the protection of those data.

  • In general, data used must be deletable on user demand

    • a routine must be implemented that ensures full deletion of user data on demand

      • all stored user data must be deletable

      • this also applies to data stored in the cloud

      • if no such routine is implemented, the user must be provided with contact data for sending a deletion request

  • Special protection

    • Are persons with special protection needs concerned?

If children or other persons who require particular legal protection are involved, the processing of data may be more restricted than otherwise.
