The implementation period for the UK Department for Science, Innovation & Technology ("DSIT")'s voluntary Code of Practice for app store operators, app developers and platform operators (the "Code") ends in June 2024, following a nine-month extension. The Code, first published in December 2022 and further amended on 13 October 2023 (see announcement here), encourages the implementation of the following eight principles (by app store operators, app developers and/or platform developers as indicated by the Code in respect of each principle):
- ensure only apps meeting the Code's baseline security and privacy requirements are allowed on the app store;
- ensure app adhere to such baseline security and privacy requirements;
- implement a vulnerability disclosure process;
- keep apps updated to protect users;
- provide important security and privacy information to users in an accessible way;
- private security and privacy guidance to developers;
- provide clear feedback to developers; and
- ensure appropriate steps are taken when personal data breach arises.
Following implementation, the Code will also be reviewed and updated (as required) at least every two years to reflect new technological developments. App operators and developers may also wish to consider the Annexes to the Code which highlight: (a) legal obligations from UK data protection law relevant to the Code; and (b) an overview by the ICO of how stakeholders may refer any security/privacy concerns in apps.
Key contacts
Disclaimer
The articles published on this website, current at the dates of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action.