Table 2 Sample developer guidance: Australian privacy laws and global best practices [33]
From: A health app developer’s guide to law and policy: a multi-sector policy analysis
Does the app collect, use, disclose or hold any personal information? | |
Yes: Go to next question. | |
No: You do not need to comply with any privacy legislation. | |
What kind of developer are you? | |
• An individual or entity conducting a commercial activity | |
o Go to next question | |
• A federal public entity | |
o You must comply with the Australian Privacy Principles | |
• A State or Territory public sector entity | |
o You must comply with the Australian Privacy Principles | |
• An individual | |
o You are not required by law to comply with privacy legislation unless you are conducting commercial activity. However you should build privacy into your app’s design. | |
Does the app do, or claim to do, ANY of the following in ANY way? | |
• Assess, maintain or improve a person’s physical or mental health, fitness or wellbeing? | |
• Manage a person’s condition, disability or disease? | |
• Diagnose or treat a person’s illness or disability, or injury? | |
• Record a person’s health information? | |
Yes: you must comply with the Australian Privacy Principles: This means that you must: | |
• Manage personal information in an open and transparent way (this includes having a clearly expressed Privacy Policy) | |
• Adhere to principles about how personal information can be collected, used and shared | |
• Keep personal information secure | |
• Ensure people can access and correct their personal information | |
No: you are not required by law to comply with privacy legislation. However, you should aim for privacy by design. |