If you are a business owner intending to offer a mobile application (“app”) to customers, clients or members, in addition to being clear about who owns what from an intellectual property point of view as to the app’s content and the data it generates, be sure that its construction and operation allow you to meet regulatory requirements. Knowing the legal issues you could face will allow for better design and operation of the app and lessen the chances for missteps.
Here are questions to ask the app’s developer and your operations and maintenance team, along with some actions you can take to avoid unpleasant surprises.
Considering Intellectual Property Protection Issues:
• Who will own the copyrightable content in the mobile app? You or the developer?
• Will the app contain trade secrets or patentable subject matter?
• Will the app incorporate the intellectual property of third parties, such as trademarks or photographs?
• Will the app’s construction rely on any open source software?
The best way to address intellectual property issues is to have appropriate written agreements in place, such as licenses for third-party content, work-made-for-hire agreements, assignments of rights, and non-disclosure agreements.
Considering Privacy and Personal Data Protection Issues:
• What is the minimum personal data that you need to collect to achieve your objectives?
• What kind of technical data, such as IP addresses and transaction data, will the app collect?
• Will you be collecting personal data from minors, especially those under the age of 13?
• Will the app be used by people outside of the USA?
• Will the app offer opt-in or opt-out mechanisms?
• How will the data be stored?
• What kind of procedures will be in place in the event of a cyber breach in the collection or storage of your data?
If the app will collect personal information about users such as health or financial information, or if it will be interacting with minors, then it is critical to be proactive. Analyze your methods of collection, use and storage of the data. Identify the regulatory requirements your app must satisfy prior to collecting personal information (e.g., having the consent of the user) or how to deal with an outside breach of security (think Target, Home Depot, JP Morgan/Chase). Such forethought will enable you to have policies and procedures to lessen exposure and/or allow for timely corrective action should a cyber breach of your data protection safeguards take place.