Five things to consider before agreeing to a privacy policy

21/07/2021

Large, expressive eyes, a small mouth, round, red cheeks… These are some of the changes that have allowed millions of people to become an animated drawing or a Renaissance painting with Voilà AI Artist.

UOC faculty members Mònica Vilasau and Sergio de Juan-Creix have stated that any app could be dangerous with respect to privacy, but they have also offered some basic tips on what to consider before accepting terms and conditions:

  1. It is important to read the privacy policies and at least make sure that these companies are not transferring data to countries whose regulations do not offer guarantees similar to those of the General Data Protection Regulation (GDPR). “If they are in the European Union, you know that at least that they apply the GDPR and are subject to close scrutiny from the supervisory authorities,” stated de Juan-Creix.
  2. It is important for the privacy policy to allow you to exercise rights such as your right of access, so you can see which data are being processed. In certain cases, you should also be able to obtain a copy. If not, it does not comply with the GDPR, which includes the rights of access (to see the data they have about you), portability (to receive a copy of all your data in an intelligible and structured format) and erasure. If the application is for European citizens (for example, if it is available in a European language or allows payments to be made in euros), the company that manages it must offer these user rights because it is obliged to apply the GDPR even if it is based outside the European Union. Take into account that the regulations in the United States are less stringent with respect to users’ rights than they are in Europe, so it is important to check this point.
  3. Can they sell or share our data? It is important to be able to identify in the privacy policy to whom your data may be transferred. It may be, for example, to other companies in the same group. “In general the sale of personal data is not permitted, but they can be used to sell advertising to third parties (inside or outside of the application, through the use of cookies),” warned de Juan-Creix. There is also the possibility that, in the future, the company or the application may be sold to a third party with all its intangible assets, such as databases, that is, it would be an indirect sale of your data.
  4. Take into account the internal applications to which you give access. “You have to be careful when giving permissions to applications and, above all, make sure that these permissions are consistent with the service to be provided,” said de Juan-Creix. For example, it would be normal for an app that modifies your photos to ask for access to your gallery, but it would not be normal for it to ask for access to your microphone, contacts or location.
  5. Take into account rights based on integrity and confidentiality obligations. “In the event of a security breach, such as a data leak, the data controller (the party that collects the images or data) must notify the corresponding data protection authority, and depending on the circumstances, also the affected parties,” concluded Vilasau.

So be careful! These types of applications ride on waves of popularity that cause many people around the world to download them to ‘play’, but rushing, popularity and ignorance may lead you to accept clauses that are not restrictive enough in relation to your privacy.

About the author
Comments
Add comment