In general terms is there anything we have to look in our Ionic App for the General Data Protection Regulation in Europe

The GDPR will come into effect on May 25. And it also affects progressive apps and mobile apps making the app publishers are responsible for the user’s Data protection.

A lot of big companies like Google or Facebook are updating their TOS and changing the way they collect and treat user data.

How about Ionic? We should be aware of anything that we should inform our app users? Besides obvious things like analytics and/or Ads.

1 Like

Well, anything your lawyer tells you to look into… Using Ionic or any other technology doesn’t really change how this applies or does not apply to apps in general.

Yes, but all that dependencies and/or SDK do needs to be controlled, documented and showed to the end user.

So that is why I asked… So other people could write something like "we need to Y about the X element…

Reference? Which GDPR/law article precisely?

I have read for the course of this week a lot of articles and post about this and I could not recall exactly where did I saw that for the first time but here but this is one place:

Therefore even if the app publisher has done all the steps required for its app to be GDPR compliant, what about the SDKs? It is a blind spot which app publishers must give extra attention in their GDPR efforts.

Special care should be taken to prevent the app from communicating personal data to a third party in a way that could expose the app to data breaches. If SDKs have been implemented within the mobile app and the SDKs try to access identifying data, the responsibility for the data collection and usage is still the app publisher’s. Validating the compliance of every aspect that goes into the app becomes critical under the GDPR.

That makes sense because it prevents the web/app publisher say something like for example: “I am not in control of the Android SDK”. But the person or firma that offers the service is responsible of how this info comes to the end user.

Thx for the documentation.

I read it (briefly). Effectively it’s the responsibility of the developer/publisher to know what it’s SDK/libraries does with the data but I didn’t saw anything about what you mentioned that the SDKs should be displayed to end user, but maybe I missed the info?

It’s no say which SDK but what it can/does. Say we use an SDK that helps us report console.errors and it goes to a third party server then we should say that in our privacy policy (and we should know how that data is processed beside of what we do with it)

We are agree then

P.S.: I understand your concern, people try to make money with that, just after having read the article this retargeting ad popped up in my Facebook feed :joy:

Well that is creepy…

1 Like