UK laws affecting app developers – a brief summary

12 Feb, 2014 - By

Each entry below first states what the law does, then what it means for you as an app developer.

Data Protection Act 1998

What does it do? Regulates the processing (collection, storage, use and disclosure) of individuals’ personal data through eight data protection principles, enforced by the Information Commissioner’s Office (ICO).

What does it mean?

If you are a data controller (you decide what personal data is collected and what it is used for), you need to notify the ICO and appear on its register, unless an exemption applies.

You must only collect the minimum data necessary for the tasks your app performs.

You must not store personal data for longer than is necessary for the task at hand.

Users of your app must be properly informed about what will happen to their personal data: what you collect, why, and who you share it with, before they hand it over.

Identify yourself and give your app users a simple means to contact you.

Respond to a user who makes a written request for a copy of the personal data you hold about them (a subject access request); the Act gives you 40 calendar days from receipt and allows you to charge a fee of at most £10.

You must take appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage of personal data (the seventh principle). This is the principle under which the security of your app and its backend is judged: encrypt data in transit and at rest, restrict who can access it, and keep your server software patched.

Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2011

What does it do? Controls the way companies use electronic communications (email, SMS, voicemail and automated calls) to market their services to consumers, and how they may use location data.

What does it mean?

You cannot send unsolicited marketing emails, texts or voicemail messages to individuals unless you have their prior consent. The one exception (the ‘soft opt-in’) is marketing your own similar products or services to someone whose details you collected in the course of a sale, provided they were given a simple way to refuse both at the time and in every later message.

You cannot ask a user to forward your marketing message to friends, or to give you their friends’ contact details for marketing purposes, unless you are confident each of those friends has already consented.

You cannot process a user’s location data unless a) it is anonymised or b) you need it to provide the service the user has asked for and the user has given consent, which they must be able to withdraw at any time.

Office of Fair Trading (various consumer protection regulations)

What does it do? The OFT enforces consumer protection law, including the Consumer Protection from Unfair Trading Regulations 2008 (CPRs), which prohibit unfair commercial practices, and the Unfair Terms in Consumer Contracts Regulations 1999 (UTCCRs), which require standard contract terms to be in plain, intelligible language and allow unfair terms to be struck out. (From 1 April 2014 the OFT’s consumer enforcement functions transfer to the Competition and Markets Authority.)

What does it mean?

Broadly speaking, if your business misleads consumers, behaves aggressively towards them or otherwise acts unfairly, you may face enforcement action. See the OFT guidance on the CPRs for more information.

Important contract terms, particularly those which may disadvantage consumers, must be clear, prominent and actively brought to consumers’ attention, not hidden in the small print of ‘terms and conditions’ or ‘privacy policies’. This means, for instance, that if your app is distributed free of charge you should be particularly careful about in-app purchases: the fact that purchases will be needed, and what they cost, should be clear before download; the app must not pressure users into buying; and it must never directly urge children to buy or to persuade their parents to buy. Refer to the OFT guidance on the UTCCRs for more information.

Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000

What does it do? Authorises a business to monitor or record communications on its own telecommunication system, without the consent of the parties, for specified purposes.

What does it mean?

If you monitor or log the traffic between your app and your servers, you may do so without the users’ consent only for the purposes the Regulations list (for example, to prevent or detect crime, to detect unauthorised use of your systems, or to establish facts relevant to your business), and only if you have made all reasonable efforts to tell every user that their communications may be intercepted. Say so plainly in your privacy notice. Interception outside these conditions is unlawful.

Financial Services and Markets Act 2000

What does it do? Establishes the regulatory framework for financial services firms, now overseen by the Financial Conduct Authority (FCA, formerly the FSA). The regulator’s rules require firms to manage their risks, including the security of customer data, and it fines firms that fail to do so.

What does it mean?

As a developer you need to take extra care when designing apps for regulated financial services firms. The regulator has levied significant fines on firms that lost or failed to protect customer data, and a firm remains fully responsible for work it outsources, so your app, your servers and your handling of the firm’s customer data fall within the scope of its regulatory obligations. Expect security requirements to be written into your contract and expect to be audited against them.


This document is not intended to provide an exhaustive compilation of all UK law relating to privacy. It is a brief summary designed to promote best practice in the collection of data from mobile apps, and should not be depended on to ensure compliance. If you are in any doubt as to the extent to which your data practices comply with UK or international law, we urge you to seek professional legal counsel.