
DCMS Publishes New Security and Privacy Principles for App Store Operators and Developers

February 16, 2023 | By Preiskel & Co

The Department for Digital, Culture, Media, and Sport (“DCMS”) recently published a new ‘Code of Practice for App Store Operators and Developers’ (“Code”), following calls to improve app security and privacy for users. The new Code of Practice sets out eight key principles for stakeholders in the digital app space. The stakeholders who shall adhere to these principles are:

  • App Store Operators, who shall implement the right processes to ensure that the apps available on their Store are not a risk to users and privacy.
  • App Developers and Platform Developers, who shall also have a clear responsibility for ensuring that they are creating apps and platforms with appropriate security and privacy standards.

The new principles are to:

  • Ensure only apps that meet the Code’s security and privacy baseline requirements are allowed on the app store;
  • Ensure apps adhere to baseline security and privacy requirements;
  • Implement a vulnerability disclosure process;
  • Keep apps updated to protect users;
  • Provide important security and privacy information to users in an accessible way;
  • Provide security and privacy guidance to developers;
  • Provide clear feedback to developers; and
  • Ensure appropriate steps are taken when a personal data breach arises.

The Code attempts to ensure that there are baseline security standards for apps that enter into the digital marketplace, as well as effective reporting processes to continuously ensure apps are complying with such standards. These standards can include using industry standard encryption and restricting requests for privileges and permissions beyond those necessary for the functional requirement of the app.

There will be a nine-month period for operators and developers to adhere to this Code, and the DCMS shall initially focus on adherence from the operators. Operators, in particular, shall be responsible for implementing vetting processes and disclosure mechanisms to ensure that certain apps with security vulnerabilities can be identified and resolved, or where necessary, removed from the store.

The DCMS shall initiate meetings with operators from early 2023 to monitor how they are enacting the necessary changes in their processes in line with the Code. App operators are requested to produce confidential written reports from spring 2023 to outline the steps they are taking, and they are also encouraged to request additional meetings for further clarity to ensure that their processes are adequate.

The Minister of the DCMS describes the new Code as a first step in a series of policy interventions intended to protect consumers from malicious and insecure apps, with the possibility of introducing regulation in the future, should these voluntary policy interventions not achieve the desired outcome.

For now, in the absence of further mandatory regulation, the DCMS encourages app developers and operators to take urgent action to adhere to the principles, and demonstrate their adoption of this Code, by affirming such compliance publicly on their company website, app website or on the app store. Whilst this Code is voluntary, adherence to such principles allows developers and operators to show users that they are delivering security as standard to protect them from malicious actors and vulnerable apps.

Find the new Code of Practice here.

 

Please contact Jose Saras and Xavier Prida if you have any questions regarding compliance with the ever-evolving data protection regulatory framework.

The material in this article is only for general review of the topics covered and does not constitute legal advice. No legal or business decision should be based on its content.

This article is written in the English language. Preiskel & Co LLP is not responsible for any translation of all or part of its content into any language.
