General – Compliance Solutions for Websites, Apps and Organizations | iubenda
https://www.iubenda.com/en/

Everything you need to know about GDPR
https://www.iubenda.com/en/blog/everything-you-need-to-know-about-gdpr/
Wed, 11 Mar 2026 08:11:21 +0000

What is GDPR?

GDPR stands for General Data Protection Regulation, a European Union law that regulates how organizations collect, use, and protect personal data. It applies to many businesses worldwide and requires transparency, security, and accountability when handling personal information.


If your website or app collects personal data, you’ve probably heard of the GDPR.

The General Data Protection Regulation is one of the most important privacy laws in the world.

It sets the rules for how organizations collect, use, and protect personal data. It came into force in May 2018 and applies to many companies both inside and outside the European Union.

If you offer services to people in Europe, track website visitors, or collect personal information such as email addresses or IP addresses, the GDPR may apply to you.

In this guide, we explain what the GDPR is, why it was introduced, and who it applies to. We also cover the key principles, legal requirements, user rights, and practical steps organizations can take to stay compliant.

An overview of GDPR

GDPR stands for General Data Protection Regulation.

It’s a European Union law that regulates how organizations handle personal data. The regulation sets clear expectations for how companies collect, process, store, and protect information about individuals.

The goal is simple: people should understand how their data is used and have control over it.

For organizations, this means being transparent about data practices, collecting only the information that is necessary, and protecting it properly.

What is the purpose of GDPR?

GDPR was introduced to strengthen privacy protections and modernize older European data protection laws.

The regulation focuses on several key objectives:

  • Protect personal data from misuse or unauthorized access
  • Give individuals greater control over their personal information
  • Require organizations to be transparent about how they use data
  • Create consistent privacy rules across EU member states

These goals help create more trust between businesses and the people who use their services.

Who does GDPR apply to?

Many organizations assume that GDPR applies only to companies based in Europe. In reality, the scope is broader. GDPR applies in the following situations:

| Scenario | GDPR applies |
|---|---|
| Organizations based in the EU | Yes |
| Organizations outside the EU offering goods or services to people in the EU | Yes |
| Organizations monitoring the behavior of people in the EU | Yes |

For example, a company in the United States that sells products to EU customers or tracks EU website visitors may still need to comply with GDPR.

What counts as personal data?

Under the GDPR, personal data is any information that can identify a person, either on its own or when combined with other data. That includes obvious identifiers such as names, email addresses, and phone numbers, as well as less-obvious identifiers such as IP addresses, location data, or device IDs. In simple terms, if a piece of information could reasonably be used to figure out who someone is, it likely counts as personal data under the GDPR.

The seven principles of GDPR

The regulation is built around seven core principles that guide how organizations handle personal data.

Lawfulness, fairness, and transparency

Personal data must be processed legally, and users must understand how it is used.

Purpose limitation

Data must be collected for specific and legitimate purposes.

Data minimization

Organizations should collect only the data that is necessary.

Accuracy

Personal data must be accurate and kept up to date.

Storage limitation

Data should not be kept longer than necessary.

Integrity and confidentiality

Personal data must be protected against unauthorized access or loss.

Accountability

Organizations must be able to demonstrate compliance with these principles.

These principles form the foundation of GDPR compliance.

Legal bases for processing personal data

GDPR requires organizations to have a valid legal reason for processing personal data.

The regulation defines six possible legal bases.

  • Consent from the user
  • Performance of a contract
  • Compliance with a legal obligation
  • Protection of vital interests
  • Public interest or official authority
  • Legitimate interests of the organization

Consent is commonly used for marketing activities and cookie tracking, but it is not always required if another legal basis applies.

Key GDPR requirements for businesses

Organizations must implement several practical measures to meet GDPR obligations. These measures help organizations demonstrate accountability.

| Requirement | What it means |
|---|---|
| Privacy policy | Clearly explain what personal data you collect and how it is used |
| Legal basis | Identify the legal reason for each processing activity |
| Consent management | Obtain and record consent where required |
| User rights | Allow users to access, correct, or delete their data |
| Data security | Protect personal data with appropriate safeguards |
| Breach notification | Report certain data breaches within 72 hours |
| Records of processing | Maintain documentation of data processing activities |

User rights under GDPR

One of the central goals of GDPR is to give individuals greater control over their personal data.

The regulation grants several rights to users.

  • Right to be informed about how their data is used
  • Right of access to the personal data that an organization holds about them
  • Right to rectification of inaccurate data
  • Right to erasure, also known as the right to be forgotten
  • Right to restrict processing in certain situations
  • Right to data portability between services
  • Right to object to certain types of data processing
  • Rights related to automated decision-making and profiling

Organizations must provide ways for individuals to exercise these rights.

Cross-border data transfers

GDPR also regulates the transfer of personal data outside the European Economic Area.

Data transfers are allowed only when certain safeguards are in place.

Examples:

  • Countries recognized as providing adequate data protection
  • Standard Contractual Clauses
  • Binding Corporate Rules

These mechanisms ensure that personal data remains protected even when transferred internationally.

GDPR compliance strategies

Staying compliant with the GDPR isn’t about ticking a single box. It requires clear processes for how your organization collects, uses, and protects personal data. While every business is different, most GDPR compliance strategies start with a few fundamental steps.

Organizations should focus on:

  • Understanding what data you collect. Map the personal data your business collects, where it comes from, and how it is used.
  • Identifying a legal basis for processing. Make sure every data processing activity has a valid legal basis under the GDPR, such as consent, contract, or legitimate interest.
  • Being transparent with users. Clearly explain your data practices in an accessible privacy policy and provide users with meaningful information about how their data is handled.
  • Managing consent properly. When consent is required, collect it in a clear and verifiable way and keep records of it.
  • Respecting user rights. Put processes in place to respond to requests such as access, deletion, correction, or data portability.
  • Protecting personal data. Implement appropriate technical and organizational security measures to safeguard the data you process.
  • Keeping internal documentation. Maintain records of processing activities and review them regularly to ensure they stay accurate as your business evolves.

Together, these steps create a solid foundation for maintaining GDPR compliance as your organization grows.

A practical GDPR compliance framework

For many organizations, GDPR compliance becomes easier when it is approached through a structured framework. Instead of treating privacy as a one-time task, businesses should build processes that guide how personal data is collected, documented, and protected across the organization.

A practical GDPR framework typically includes the following steps:

  • Understand what personal data you collect. Identify the types of personal data your organization collects, where it comes from, and how it is used.
  • Define a legal basis for processing. Ensure each processing activity has a valid legal basis under the GDPR, such as consent, contractual necessity, or legitimate interest.
  • Provide clear privacy information. Make your data practices transparent through accessible privacy policies and clear disclosures to users.
  • Manage consent where required. Collect and store consent in a way that is verifiable, easy to withdraw, and properly documented.
  • Keep records of processing activities. Maintain internal documentation that describes what data you process, why it is processed, and who it is shared with.
  • Protect personal data. Implement appropriate technical and organizational measures to safeguard personal data.
  • Review and update regularly. As your services, tools, and partners change, review your compliance setup to ensure it remains accurate and up to date.

Together, these steps help organizations build a practical and sustainable foundation for GDPR compliance.

GDPR fines and consequences of non-compliance

GDPR introduced significant penalties for organizations that fail to comply with the regulation.

| Violation level | Maximum fine |
|---|---|
| Less serious violations | Up to €10 million or 2 percent of global annual turnover |
| Serious violations | Up to €20 million or 4 percent of global annual turnover |

In addition to financial penalties, authorities may issue warnings, conduct audits, or restrict certain data processing activities.

GDPR compliance checklist

Here’s a simplified checklist organizations can use as a starting point.

  • Publish a clear and accessible privacy policy
  • Identify the legal basis for all data processing activities
  • Obtain consent when required
  • Implement a compliant cookie banner if cookies are used
  • Maintain records of consent and data processing
  • Enable users to exercise their data rights
  • Protect personal data with appropriate security measures
  • Regularly review and update compliance practices

Frequently asked questions about GDPR

Does GDPR apply to businesses outside the EU?

Yes. GDPR can apply to organizations outside the EU if they offer goods or services to people in the EU or monitor their behavior, such as through website tracking or analytics.

Do small businesses need to comply with GDPR?

Yes. Business size does not automatically exempt you from GDPR. If you process personal data from people in the EU, the regulation may apply regardless of company size.

Do I need a Data Protection Officer (DPO)?

Only some organizations must appoint a DPO. This usually applies to public authorities or companies that process large amounts of sensitive data or monitor individuals at scale.

How long can personal data be stored under GDPR?

Personal data should only be kept for as long as it is necessary for the purpose it was collected. Organizations must define retention periods and delete or anonymize data when it is no longer needed.

Start simplifying GDPR compliance today

Aligning with GDPR compliance involves many moving parts. Understanding what data you collect, being transparent with users, managing consent, and keeping proper records all take time and attention. The good news is you don’t have to handle everything manually.

iubenda helps you simplify the process, from generating privacy and cookie policies to managing consent and documenting your data processing activities in one place. Start simplifying your GDPR compliance today, and spend less time worrying about regulations and more time building your business. Create a new project to get a free website compliance audit and recommendations for how to build your compliance setup.

Everything AI app builders need to know about vibecoding and privacy compliance
https://www.iubenda.com/en/blog/vibecoding-privacy-compliance/
Wed, 28 Jan 2026 16:05:31 +0000

AI app builders are shipping faster than ever. With tools like Lovable, Bolt, Replit, and Cursor, you can go from idea to working product without touching a traditional code base.

For indie hackers and non-technical founders, that’s a huge shift and a real advantage. There’s a gap, however, that most people don’t see until it becomes a problem.

If your app collects personal data (even something as simple as an email address or analytics), you’re expected to have certain legal basics in place: privacy policies, terms and conditions, and, in many cases, cookie consent.

For the most part, vibecoders aren’t intentionally ignoring this, but it may not feel urgent when you’re focused on shipping, testing, and figuring out whether your product even has legs. The problem is that platforms, app stores, and ad networks often care much earlier than founders expect.

Now for the good news. You don’t need to navigate everything at once. Start by understanding which requirements apply to your app.

Vibecoding: what’s it all about?

Vibecoding is a newer approach to app development in which AI generates most of the code for you based on prompts. Instead of writing everything by hand, you guide the build and iterate as you go. In practice, the process usually looks like this:

  • You describe what you want in plain language
  • An AI tool generates the code
  • You tweak things, prompt again, and ship

What makes this approach different is that it’s no longer limited to simple demos or landing pages. Many teams are using it to build fully functional apps with logins, payments, and active users. And it’s growing in popularity among early-stage startups, with 25% of YC’s latest startups letting AI write 95% of their code.

Where things can go wrong

Most issues don’t show up while you’re building, but once you start to grow. A few common examples:

  • You submit your app to an app store and get asked for a privacy policy
  • You try to run ads, and Google won’t approve your campaign
  • Analytics isn’t tracking properly
  • A user asks how their data is handled, and there’s nowhere to point them
  • A platform flags missing legal pages

At that point, compliance will feel like a blocker that came out of nowhere, even though, from a legal perspective, the trigger was simple: the app began processing personal data.

This is where privacy laws apply in a very practical way, not as an abstract legal concept. For early-stage startups, it’s less about fines and more about delays, rejections, and lost momentum.

How compliance gets overlooked

Unlike security risks, legal compliance doesn’t receive much attention in AI circles. That’s because most vibecoding content focuses on speed, tooling, prompts, and shipping faster, and privacy and terms feel like something you “add later”, once the product is proven.

But as we now know, most platforms won’t let you get very far without them. App stores require a privacy policy, ad platforms check for compliant policies, and analytics and tracking need valid consent in many regions.

Can’t the AI just generate this for me?

It’s reasonable to assume that if AI can build your app, it can also generate your legal documents. And while you can technically build documents this way, AI-generated policies tend to be:

  • Generic
  • Incomplete or out of date
  • Not aligned with the services you actually use
  • Missing platform-specific requirements

Most importantly, from a legal standpoint, you’re still responsible for what’s there. If something goes wrong, it doesn’t matter how the text was generated; you’re still accountable for what’s published.

While AI can be great at generating code and features, legal compliance requires accuracy, context, and ongoing updates.

What your app actually needs to stay protected

For most vibecoded apps, the requirements are simpler than people expect. You don’t actually need a complex legal setup. Just a few basics in place, early.

  • Privacy policy
    • If your app collects personal data (e.g., email addresses, logins, payments, analytics), you need a privacy policy. It’s what app stores, ad platforms, and users expect from you. It needs to clearly reflect how your app works, how it processes personal data, and which third-party services you use.
  • Terms and conditions
    • Terms protect you. They define how the app can be used, limit liability, and clarify responsibilities. If users sign up or pay, terms are essential.
  • Cookie consent
    • If you use analytics, ads, or tracking, users often need real choices. Clear consent also helps ensure your analytics and ad tracking work as intended.
  • Platform requirements
    • App stores, ad networks, and payment providers all check for compliant documentation. Missing or incorrect pages can delay launches or block growth.

Useful links:
https://www.iubenda.com/en/blog/how-to-write-terms-and-conditions/

https://www.iubenda.com/en/help/463-generate-privacy-policy/

How iubenda helps

If you’re building an app quickly, iubenda helps you get your compliance basics sorted so you don’t get hit with surprises when it’s time to launch.

Instead of writing policies yourself or relying on AI text that won’t pass platform checks, iubenda generates them based on the services your app actually uses. That includes your privacy policy, terms and conditions, and, if your app relies on analytics or tracking, your cookie and consent setup. Everything is maintained by our legal team and updated for you, so you don’t need to track changes or rewrite anything as your stack evolves.

The consent tools also handle the practical side of compliance: giving users real choices, respecting those choices across devices, and keeping proof of consent. This helps prevent analytics or ad tracking from breaking and keeps platforms like Meta and Google Ads happy.

iubenda integrates easily into most workflows, whether you’re using a CMS, a no-code tool, or a custom setup. You can embed everything with simple snippets, plugins, or via API.

All of this saves hours of work and reduces the risk of running into issues at the worst moment: an app store rejection, an ad campaign being paused, or users hesitating because they can’t see how their data is handled. It’s simple. We’ll help you stay aligned with the latest compliance requirements while you focus on shipping your product and growing.

Pre-launch checklist

Before you share your app publicly, it’s worth running through a quick check to make sure nothing important is missing. The basics are straightforward:

  • Is your privacy policy live and easy to find?

Platforms expect this, and users look for it.

  • Do you have terms in place if people need to sign up, log in, or pay?

This sets clear rules and protects you.

  • If you use analytics or tracking, is consent handled properly?

Real choices, correct behaviour, and nothing firing before it should.

  • Do you meet the requirements of any platform you depend on?

App stores, ad networks, and payment providers all check for this.

A solid foundation for smooth app growth

Vibecoding makes it easier than ever to ship quickly. Getting the privacy basics right makes it easier to grow.

When compliance is handled properly, it builds trust, keeps platforms happy, and removes the small obstacles that can slow your momentum. With iubenda, you can do all of this in minutes.

Get set up today.

Google Tag Manager and GDPR: What a Recent German Court Decision Means
https://www.iubenda.com/en/blog/google-tag-manager-and-gdpr-what-a-recent-german-court-decision-means/
Tue, 23 Dec 2025 15:53:26 +0000

On March 19, 2025, the German Administrative Court of Hanover (VG Hannover) issued a decision that has big implications for anyone using Google Tag Manager (GTM). The court ruled that GTM requires explicit user consent before it can load — even if GTM itself doesn’t use cookies.

This ruling has caused understandable concern for website owners and marketers across the EU. Let’s break down what the court decided, what it means in practice, and how iubenda is approaching this development.

What the court decided

The court looked at how GTM works in practice and concluded that it is not just a neutral tool. Here’s why:

  • Connection to Google servers: GTM contacts Google servers as soon as a page loads.
  • Personal data transfer: IP addresses, device details, and referrer URLs are sent to Google automatically.
  • Local storage: The GTM script (gtm.js) is stored on the user’s device.
  • Hidden execution: GTM enables other third-party scripts to run, often before consent.

Because this happens before a user can give consent, the court found it violates both the GDPR and the German Telemedia Act (TTDSG).

The ruling also criticized invalid consent banners — for example, banners that make “Reject All” harder to find or use misleading symbols like “X” to imply consent. According to the court, these designs don’t count as genuine consent.

What this means for website owners

The main takeaway is simple:

  • GTM requires explicit consent before loading.
  • Consent must be informed and easy to refuse — no dark patterns.
  • A Consent Management Platform (CMP) is not enough if GTM runs before the user makes a choice.
  • Google’s Consent Mode 2.0 may not fully solve the compliance issue.

In short, GTM is not “just technical.” It’s a data processing tool, and that means it falls under EU consent rules.

iubenda’s approach

At iubenda, our Privacy Controls and Cookie Solution already give you two clear options for managing GTM in line with consent requirements:

  1. Block tags inside GTM (granular approach)
    • In GTM, you can configure triggers to fire only after iubenda’s consent signals are received.
    • This means you can decide which tags are allowed for each consented purpose (e.g., analytics, marketing).
  2. Block the GTM script itself (non-granular approach)
    • You can assign GTM to a specific purpose in iubenda.
    • With this setup, the entire GTM container will only load once a user gives consent for that purpose.

By default, our generator currently categorizes GTM as a strictly necessary service, which means it is not blocked automatically. This choice was made because blocking GTM at the script level can cause technical issues for many websites.

However, if you prefer to apply the strictest interpretation of the German court ruling, you can switch to one of the two blocking methods above to ensure GTM only runs after user consent is collected.

Will iubenda block GTM automatically?

Not at this time. Here’s why:

  • The VG Hannover decision is regional and not yet binding across the entire EU.
  • Automatically blocking GTM would disrupt many websites, and it’s not yet clear whether this will become the EU-wide standard.
  • Our users already have the tools to choose stricter compliance and manage GTM accordingly.

We’re closely monitoring the situation, and we’ll update our recommendations if the legal landscape changes.

What you can do today

If you want to apply the strictest standard immediately, you have two options with iubenda’s Privacy Controls and Cookie Solution:

  1. Block the GTM script until consent is given
    • Assign GTM to a specific purpose in iubenda (for example, “Marketing”).
    • The GTM container will only load after the user consents to that purpose.
    • This option is simpler but less flexible, because all tags wait for consent together.
  2. Control tags inside GTM (granular consent)
    • Set up GTM triggers to listen for iubenda’s consent signals.
    • Allow or block each tag depending on the purposes the user has agreed to (e.g., Analytics, Remarketing).
    • This option takes a bit more configuration, but it gives you full control and aligns closely with GDPR requirements.

Both methods are supported by iubenda. Which one you choose depends on your compliance strategy and the level of risk tolerance you want to adopt.

💡 The German court’s decision is a reminder that even tools considered “technical” — like Google Tag Manager — can have significant data protection implications. For now, we are not enforcing automatic GTM blocking in our products, but we give you the flexibility to decide how to configure GTM for your business.

As always, we recommend keeping a close eye on legal developments and ensuring your consent banner offers users a real, transparent choice.

How Are the Accessibility Widget Pageviews Calculated?
https://www.iubenda.com/en/blog/how-are-the-accessibility-widget-pageviews-calculated/
Tue, 23 Dec 2025 14:15:32 +0000

The pricing of the iubenda Accessibility Widget product is based on the number of pageviews your website receives. What do we mean by that?

What is a pageview?

One pageview is counted when a user visits any page on which the Accessibility Widget is active.

How are pageviews calculated?

In more technical terms, pageviews are calculated from the number of executions of the Accessibility Widget script. Whenever the Accessibility Widget code runs, our software records a pageview.

Pageviews are recorded not only on each user’s first visit, but also on all subsequent visits. The reason is that our Accessibility Widget must stay active, and its script keeps running continuously.

In fact, the parameters selected on the Accessibility Widget (e.g., aligning all text to the right) are instantly applied as well as saved for future visits, so users don’t need to select them again.

  • Our Accessibility Widget is priced per site. If you have one iubenda account but manage 10 sites that total 20,000 pageviews each, and activate the Accessibility Widget on all of them, the cost will be calculated based on 10 x 20,000 pageviews.
  • The pageviews count is not divided per language in which your website is available, as the Accessibility Widget is a tool that is independent of language.

💡 Learn more and pick the best Accessibility Widget version for your business

Why is the iubenda pageview count different from other analytics tools?

The number of pageviews calculated by our software may differ from those calculated using other software such as Google Analytics, ShinyStat, or Matomo/Piwik.

This difference is because other tools typically use different metrics, like the number of visitors or the number of sessions.

👋 Need help?

For any issues or if you want to learn more, please get in touch with our support team at info@iubenda.com, and we’ll gladly help you out.

Privacy Policy for BlackBerry Apps
https://www.iubenda.com/en/blog/privacy-policy-blackberry-apps/
Mon, 26 Aug 2013 12:10:34 +0000

Welcome. This post mainly answers the question of how and why you should add a privacy policy to your BlackBerry app.

Privacy Policy for BlackBerry Apps

Our guides to the state of privacy policies in the various app stores are well-visited resources, so here is one more guide, this time on the state of privacy policies on BlackBerry World.

The question I want to answer in this post: let’s assume I want to include a privacy policy in my BlackBerry application. What do I need to do?

In Short

We have a slightly different flow in place for mobile privacy policies than for the web version:

1) Do I have to include a privacy policy in my BlackBerry app?

  • Well, that depends on what the app is doing. But keep in mind that you can never go wrong by including a link to, or a full page view of, your privacy policy. It is, however, very likely that you are required by law to include a privacy policy in your BlackBerry application. Easy check: am I collecting, storing, or sharing personal information like emails and names, or sensitive data like payment info, or using a third-party service that accesses my info?
  • You are likely using a third-party service in your app that requires you to add a privacy policy to your app. In addition to being a legal requirement, it is often a prerequisite for using a specific service. Check your service provider’s terms. A very popular third-party service that requires you to post a privacy policy in its TOS is Google Analytics (they also have a mobile solution).

2) Am I required by BlackBerry’s App World to post a privacy policy?

  • No: having a privacy policy is not a prerequisite to be listed on BlackBerry’s App World at this time (26th of August 2013)
  • BUT yes, a privacy policy is required for the Built for BlackBerry designation: on BlackBerry’s App World you may submit your app for something called “Built for BlackBerry”. It’s a designation that helps convert your prospects into actual downloads. The Built for BlackBerry documentation says: “You must have provided a link to your privacy policy information in the vendor portal of BlackBerry World. Required for apps & required for games” (also see this checklist)

3) How do I add/edit my privacy policy on the App Store?

You can add or update the privacy policy in your BlackBerry World membership account. To do so:

  1. open your browser and visit https://appworld.blackberry.com/isvportal
  2. log in to the “Vendor Portal for BlackBerry World” using a user account with the Admin role;
  3. select “Manage Account Details”;
  4. in the “Vendor Info” tab, new and existing vendors can enter a URL for their (company’s) privacy policy in the Privacy Policy URL field;
  5. click “Save” to finish adding your privacy policy.

How do you add a link in the Vendor Portal when updating apps?

  1. upload a new version of your app;
  2. you will be asked if something has changed, confirm that fact;
  3. you will get the entry forms to add a privacy policy link.

4) An example privacy policy for BlackBerry apps?

A lot of people ask for sample privacy policies for apps. Let’s start with the legal minimum requirements. A good starting point is the California Online Privacy Protection Act (CalOPPA), and an even better one is Europe’s minimum requirements, since they are more refined.

CalOPPA minimum requirements

Provide info about the personally identifiable information (PII) like:

  • a description of the types of PII collected and disclosed by the operator;
  • a description of the process by which a consumer can access and request changes to his or her PII, if available;
  • a description of the process by which the operator will notify consumers of material changes to the privacy policy; and
  • an effective date.

EU Privacy Directives minimum requirements

Provide a readable, understandable and easily accessible privacy policy, which at a minimum informs users about:

  • who you are (identity and contact details);
  • what precise categories of personal data the app wants to collect and process;
  • why the data processing is necessary (for what precise purposes);
  • whether data will be disclosed to third parties (not just a generic but a specific description to whom the data will be disclosed);
  • what rights users have, in terms of withdrawal of consent and deletion of data.

You can easily google for an example privacy policy for X but chances are you won’t find anything ready-made that fits the bill.

Helpful docs:

Our Approach of Generating a BlackBerry Privacy Policy

So here’s where iubenda’s privacy policy generator will come in very handy:

  1. Define the services and categories of data collection your app is making use of.
  2. Add the services (and categories of data collection like “access to address book”) you are using to your policy, and it will generate the full-text privacy policy in a condensed, easily scannable fashion as well as an entire document your users can read if they want.
  3. You can either link to your policy or embed the text into your app.

Try Our Mobile Privacy Policy Generator

Adding Multiple Privacy Policies via iubenda https://www.iubenda.com/en/blog/adding-multiple-privacy-policies-via-iubenda/ Fri, 09 Aug 2013 10:03:13 +0000

We’re often asked by customers whether it is OK to include similar privacy policies in other sites and other apps. Since this question has been asked and answered so many times, it may well be of interest to blog readers too.

What we usually say is this:

Setting up one privacy policy per app is simply the most convenient and correct way, because if anything changes in one app, it doesn’t necessarily change in the other. Most projects/sites/apps don’t do the same thing; that’s why you use various policies.

  1. For this use case, however, we offer a monthly pricing package that makes the generation of various privacy policies much more affordable. The monthly pricing starts with 5 licenses in your iubenda account and can be easily adapted as you go on and grow.
  2. Another approach is to use the policy you bought as your main company policy and have it reference all the apps/projects it’s suitable for. This is done by adding custom clauses to your main privacy policy. Select “Create custom service” and state that this policy governs the projects/apps/sites X & Y & Z. That way you can avoid opening up more licenses before you actually need them.

To add a custom clause, browse to your dashboard (log in), select your main privacy policy, select “Add service”, select “Create custom service”.

Step 1, “Add service”

Step 2, “Create custom service”

To get a subscription package for our privacy policies, go to our subscription page.

Protect My Privacy (.org) https://www.iubenda.com/en/blog/protectmyprivacy-org/ Thu, 01 Aug 2013 13:23:21 +0000

Since the California AG’s new focus on mobile apps and privacy, we know that privacy is a huge issue in mobile apps. Your mobile phone provides access to location data, your address book or your identity in general. Attorney General Kamala Harris therefore forged an agreement with six companies whose platforms comprise the majority of the mobile apps market (Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion) to get their app stores in line with California’s privacy regulations: mobile apps should have privacy policies to inform their users of their data collection practices.

A paper called “ProtectMyPrivacy: Detecting and Mitigating Privacy Leaks on iOS Devices Using Crowdsourcing”, released a little earlier this year alongside an iOS app, shows some numbers about apps on the App Store and how they access personal data: access to the device identifier UDID (48.4% of apps), location (13.2% of apps), address book (6.2% of apps) and music library (1.6% of apps) is widespread in iOS.

Apple had actually set a deadline of May 1 for applications to stop using that unique device ID – a 40-character long serial number appearing on iPhones (as well as iPads and iPod touches). This study by a group at the University of California, San Diego suggests that nearly half of all iOS applications still use UDIDs in violation of Apple’s very own privacy policy.

ProtectMyPrivacy iPhone App

Along with the study, the group around Malcolm Hall and Yuvraj Agarwal designed an app called ProtectMyPrivacy and released a completely redesigned implementation of an earlier app that helps you protect your privacy on the iPhone. It provides a layer of security between apps and the operating system. When an app attempts to access any protected information, an alert is shown and you have the option to “Protect” or “Allow”.

The software is unique in that rather than merely blocking access to the information, which could cause the app to behave unexpectedly or even crash, PMP instead supplies fake replacement information, such as randomized contact names, or a location specified by you. You can quickly switch between real and fake information, even while the app is running. PMP also provides automatic protection using crowd-sourced recommendations, which draw on previous manual decisions made by other users for the same app.

It’s not much of a surprise that PMP isn’t available on the App Store as of now; you may, however, use it on jailbroken phones for the time being. We applaud the efforts to return privacy into our pockets. If you need a privacy policy to go along with your app, we may just have the right solution for you: use our privacy policy generator for mobile apps.

Via Techlicious.

Privacy Policy Template https://www.iubenda.com/en/blog/privacy-policy-template/ Wed, 17 Jul 2013 13:20:28 +0000

Let’s talk about privacy policies for a moment. It’s highly likely that you’ve come to this blog post because you are looking for guidance on how to make a privacy policy that is free or highly affordable & will effectively comply with privacy-related regulations.

The truth is that privacy regulation is a rather complex topic. Therefore, a template for a privacy policy has to take various things into account, like where you are based & what you are actually doing on your website that is privacy-relevant. That’s rather hard to manage when you consider that there are dozens and dozens of relevant things you may be doing on your site.

If you are doing most of the work for your website, you are the one who knows best about your practices. You know if you are using Google Analytics, Mailchimp, a contact form, Facebook Like buttons or making use of any other practice that involves the personal data of your visitors/users.

Mostly, however, what you don’t know, even if you’ve had very advanced legal schooling, is how to write a legally viable privacy policy. That is what you pay a good lawyer for, who usually has to work out all of the details for your site before they can start applying their very own framework/process for creating a policy for you. Let’s get it out there: hiring a specialized lawyer for your privacy policies, terms of service and other legal documents is the safest route to legal compliance: they will examine your site & situation, work out the legal issues and hopefully create a good policy for you. There’s no question, however, that you will have to invest considerable time and money.

Our Approach and Privacy Policy Template

Our approach to generating privacy policies for you is the following:

We’ll help you generate your privacy policy in just 3 steps. It takes only five minutes and you don’t need any legal skills. It’s mostly free, but there’s a PRO version that gets you set up with more advanced controls easily.

It’s as easy as that because our legal team have already done most of the work, handling all the legal documents and texts. It means we have pre-written all of the 130+ clauses for various services out there like Google Analytics and others. It also means you can just sign up, choose a few services and then use the policy we generate for you on your site within a few minutes.

Additionally, we host the privacy policy for you, which means that we keep it legally relevant and change things whenever things need to be changed.

Our most popular clauses like Google Analytics, Facebook Like button, Access to the Facebook, Contact form, Twitter Tweet button, Mailing List, Google+ +1 button, Direct registration, Access to the Twitter API and Mailchimp are free for any basic policy and can be used on your site without any further ado.

Privacy Policy Template for X

If you are specifically looking for a privacy policy for a service like Google Analytics, you can easily generate that within your dashboard. We have by now added 1800+ clauses you can conveniently choose from, and if there’s anything missing, we may add it for you if you suggest it in our support forums.

Here’s another example: a lot of people are looking for a privacy policy template for AdSense. It’s the same convenient concept: you just log in and add that clause to your policy. iubenda finishes the process by compiling your text for you.

Privacy Policy Template Resources

This post wouldn’t be complete if we didn’t list a good few resources for privacy policy templates and guides. If you keep the limitations of most templates in mind (they’re generally incomplete, as it’s unlikely that templates will include the legally required disclosures specific to the services you actually have running on your site), you may be able to find something more suitable among the following sites. This isn’t a list of the latest top-ranking Google search results, but rather one filtered by currentness, trust and quality. Keep in mind that none of it is actually legally binding advice:

One more thing: how is iubenda different from pre-made privacy policy templates?

iubenda offers a very wide spectrum of choices like lawyer-written clauses, hosting of your policy, keeping the docs up to date, the possibility to add custom clauses to your policy and much more. Additionally, we have a Facebook privacy policy generator and one that generates policies for iOS, Android and Windows Phone.

To conclude, our Privacy Policy Generator is so much more than just a template.

Try it, it’s free.

Iubenda: introduction https://www.iubenda.com/en/blog/iubenda-introduction/ Sun, 18 Jul 2010 10:08:45 +0000

What Iubenda will be
Iubenda will be a legal notes and privacy policy generator. Iubenda aims to be a revolution in generating, maintaining and keeping up to date legal content on the web. Thanks to our service, anybody who builds websites or simply has one will be able to generate legal notes without any legal expertise.

What legal notes are
By legal notes we mean the legal information that every website must give to its users. Legal notes are mandatory in Europe and needed in the rest of the world to improve users’ satisfaction. The best example of what legal notes cover is personal data (cookies, IP addresses, emails and usernames are personal data too!): which data is collected and what it is used for (such as statistics or advertising services, registration or newsletters).

Are legal notes mandatory?
Legal notes are mandatory in Europe and in many other countries; they are needed in the rest of the world to improve users’ satisfaction.
In Italy, most websites must have legal notes; very few are exempt. The fines are very high, starting from 6000 Euros.

Stay tuned!
We’ll write about Iubenda again in the near future.
Subscribe to our blog’s feed to keep in contact with us, or leave your email address (at the bottom of this page) to subscribe to our newsletter.
You can also follow us via Twitter or via Facebook.

Help us to know what you think
We have prepared a survey to understand what you think about our project and about privacy on the internet.
The survey is available here: http://ht.ly/2gfuc.
It’s really short, but your answers are gold to us.

In upcoming articles we’ll tell you more about the Iubenda project.
