Informed consent means you ask your user for permission to collect/store/transmit their data. You should follow the steps below to adhere to the applicable legislation.

1. Inform your user

You must provide your user, in a user-friendly way, with:

  • A short and clear text about the purposes for which you will process their personal (health) data. This message must state what data is collected and why. Make sure the language is understandable for the user.
  • An identification of the app developer (technical party and/or business lead), plus contact information and the location of the app developer, so that users can raise questions.
  • Precise categories of personal data the app will process.
  • An explanation of how the data will be used.
  • Information on where their data will be stored, if in any location other than their device.
  • Information on the right to access and correct personal data or delete it.

The application informs the users when it has access to other resources of the device, to users’ accounts and to profiles in social networks.

This information:

  • must be available BEFORE app installation.
  • must also be accessible from within the app, after installation.
  • must be displayed during normal usage of the app and must not require the user to navigate into a menu or settings.
  • Moreover, informed consent CANNOT be placed in a privacy policy or terms of service and CANNOT be included with other disclosures unrelated to personal or sensitive data collection.

2. Obtain consent

After informing users prior to or at installation time, you must obtain their informed consent for the specific purpose for which you will use their data. If possible, the app should allow users to make granular choices in allowing data processing, rather than obtaining one single consent.

Consent should be asked for separately from the general terms and conditions and requires affirmative user action (e.g. tap to accept, check box, etc.). Consent can also easily be withdrawn or amended from within the application, in line with each specific use case.

3. Update your purpose(s)

If you plan to process the user’s data differently or use new data, you must repeat steps 1 and 2 before processing the data.

Withdrawal

You must give users an easy and user-friendly way of withdrawing their consent (and inform them about what this means) and/or deleting their personal data from your systems.
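One way to model steps 2 and 3 and withdrawal in an app backend, as an added example that is not part of the original guidance: a per-purpose, append-only consent ledger that denies by default and invalidates a grant when the purpose text changes. The purpose names, the version numbers and the `ConsentLedger` class are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical purpose catalogue: purpose id -> version of the text shown to the user.
# Bump the version whenever the purpose or the data it covers changes (step 3).
PURPOSES = {"symptom_sync": 1, "research_sharing": 1}

@dataclass
class ConsentLedger:
    """Append-only record of one user's per-purpose consent decisions."""
    events: list = field(default_factory=list)

    def _record(self, purpose, action, version):
        if purpose not in PURPOSES:
            raise KeyError(f"unknown purpose: {purpose}")
        self.events.append({"purpose": purpose, "action": action, "version": version,
                            "at": datetime.now(timezone.utc).isoformat()})

    def _latest(self, purpose):
        # Most recent decision for this purpose, or None if never decided.
        return next((e for e in reversed(self.events) if e["purpose"] == purpose), None)

    def grant(self, purpose, shown_version, affirmative_action):
        # Consent needs an explicit user action (tap, checkbox); a pre-ticked
        # default or silence must never reach this method as True.
        if not affirmative_action:
            raise ValueError("consent requires an affirmative user action")
        if shown_version != PURPOSES.get(purpose):
            raise ValueError("user was shown an outdated purpose text")
        self._record(purpose, "grant", shown_version)

    def withdraw(self, purpose):
        self._record(purpose, "withdraw", PURPOSES.get(purpose))

    def is_allowed(self, purpose):
        # Default deny: only the latest decision counts, and only if it was a
        # grant for the purpose version that is current right now.
        latest = self._latest(purpose)
        return (latest is not None and latest["action"] == "grant"
                and latest["version"] == PURPOSES.get(purpose))

    def needs_prompt(self):
        # Purposes to (re-)present: never decided, or decided on an older version.
        return [p for p, v in PURPOSES.items()
                if self._latest(p) is None or self._latest(p)["version"] != v]
```

Call `is_allowed` immediately before each processing operation rather than caching the answer, so a withdrawal takes effect on the next operation.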