Building an app? Don't break these 4 laws

Personal data security is second to national security. (Duncan Alfreds, Fin24)
Personal data security is second to national security. (Duncan Alfreds, Fin24)

Cape Town – As more local developers rush to build applications, South African law takes a dim view on apps that play loose and fast with personal data.

While it is becoming easier to build mobile applications, local developers may face serious legal hurdles to ensure their apps comply with the law, according to Alec Veitch, senior associate and Jonathan Salant, candidate attorney at Schindlers Attorneys.

Here are the laws that affect mobile application services:

Consumer Protection Act (CPA)

READ: Internet shaming could land you in jail

The CPA governs advertising as well as the selling of goods and services.

“Accordingly, a person who is launching a mobile app must be abreast of the various requirements before blindly launching it to consumers,” said Veitch.

“Advertisements must be in plain and understandable language, the price of the goods or services must be clearly displayed, and the trade description of the goods or services must not be defined in such a way as to mislead the consumer,” Salant added.

In terms of the CPA, mobile apps that offer agency services such as PriceCheck or Hippo Insurance Quotes should disclose whether they represent specific organisations.

Electronic Communications and Transactions Act (ECTA)

“A consumer has the right to a ‘cooling off period’ in terms of which they may cancel any order done through the app within seven days of receiving the goods or services, or within seven days of concluding the contract,” said Veitch.

A consumer should not incur any costs for changing his or her mind during this period, except for the cost of returning the goods. It is illegal for penalties to be levied, to be applied as in the case of a cancelled cellphone or insurance contract.

“Any payment that was made by the consumer prior to the consumer cancelling the agreement must be refunded within 30 days,” said Salant.

Suppliers may not accept direct payments from consumers for services rendered through applications and an SSL (Secure Sockets Layer) certificate is necessary to effect web-based payments.

Copyright Act

READ: Europe 'better' at coping with patent trolls

In simple terms, a developer may not steal the idea for an application.

“It is, therefore, essential that any person who conceptualises a mobile app specifically contract terms that regulate ownership of the intellectual property associated with the app,” said Veitch.

However, in the case where the startup hires a developer to build an application, there should be careful consideration of the legal implications.

“The coder and/or developer should be made to sign a Non-Disclosure Agreement (NDA) prior to commencing work as a safeguard to prevent them from reproducing the app, or anything similar, once the mandate for work with the copyright owner has ended,” said Salant.

Protection of Personal Information Act (Popi)

READ: ID theft costs SA firms a fortune

Popi is a new law that is expected to come into full implementation in July 2016. It will heavily penalise organisations that don’t take adequate care with personal information.

“When a person signs up for a mobile app and personal information is given, it is crucial that the information which is provided is limited to that which is necessary for its specific purpose,” said Veitch.

The act specifically mandates that companies should not share personal data of “data subjects” such as addresses and IDs with third parties without expressed permission.

"The Protection of Personal Information Act (Popi), gives effect to a constitutional right to privacy and the unauthorised access to information regarding the educational, medical, financial, criminal or employment history of an individual as well as their personal details such as ID numbers, contact details and physical addresses is restricted by the act," said Candice Sutherland, business development consultant at SHA Specialist Underwriters.

Identity theft has become a cybercrime priority and business organisations that are found to be negligent with personal data may be fined up to R10m.

"This steady increase in identity theft places organisations and their clients under greater risk of legal, financial and reputational repercussions and must not be taken lightly," said Gianmarco Lorenzi, managing director of Cleardata.


- Follow Duncan on Twitter

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
ZAR/USD
16.11
(-0.15)
ZAR/GBP
20.85
(+0.12)
ZAR/EUR
19.16
(-0.15)
ZAR/AUD
11.49
(-0.20)
ZAR/JPY
0.15
(-0.03)
Gold
1901.54
(+0.01)
Silver
24.59
(+0.15)
Platinum
902.03
(+0.40)
Brent Crude
41.85
(-1.66)
Palladium
2378.04
(+0.61)
All Share
55339.58
(+0.99)
Top 40
50692.28
(+0.83)
Financial 15
10790.70
(+3.99)
Industrial 25
74905.70
(+1.05)
Resource 10
52561.57
(-0.49)
All JSE data delayed by at least 15 minutes morningstar logo
Company Snapshot
Voting Booth
Please select an option Oops! Something went wrong, please try again later.
Results
Yes, and I've gotten it.
24% - 69 votes
No, I did not.
52% - 150 votes
My landlord refused
24% - 70 votes
Vote