The Key Legal Considerations in Mobile App Development


You have a solid business idea and value proposition for a mobile app. You’ve done your research into your target audience and selected your software house. Perhaps you’ve even created an MVP and done some usability testing? Great news. Now it’s just a case of getting your app developed and released into the world, right? Let’s get started!

But wait… are you actually ready for your app to be used by the masses?

There are a number of legal considerations that you should be mindful of in the process of developing your app.

In this whitepaper, we give you a rundown of what you should do to make sure you’re compliant. That way, you can get on with the more exciting part of developing your app and getting it to the right people.

1. Intellectual property rights

When you’re developing a new mobile product, you should think about both protecting your own property rights and ensuring that you’re not infringing on those of other product owners. That’s why it’s important to take legal advice on your IP position early on.

Creating a new mobile app gives rise to a potential new set of rights:

At the beginning of the development process, it is important that you take the time to define, secure and protect your IP rights. You can do this by drawing up IP rights assignment agreements with your internal employees and any contractors involved in the project.

Where your mobile app uses IP owned by someone else, you should evaluate whether a license is needed for your proposed use and ensure that you secure all the necessary permissions.

2. Non-disclosure agreements (NDAs)

Nobody wants their business idea to be stolen by the competition. So in order to protect yours, you should make sure that you have a confidentiality agreement ready for your chosen software developer to sign. At 10Clouds, we always encourage our clients to sign an NDA before proceeding with the development process.

But what should such a document include?

The Scope of Confidentiality

Note that it is always a good idea to specify precisely which elements of your app are covered by the NDA agreement. This should include but not be limited to: app name, code, graphics, content, client data, processes, marketing and sales materials. Confidential materials can also be labelled as such so that every person using them is aware of the confidentiality obligation.

Exclusions from Confidentiality

There are certain exclusions from confidentiality. These typically include:

Obligations of the parties

This section covers the software house’s obligation to maintain the confidentiality of the shared information. The restrictions might include:

3. Independent contractor agreements

Separate from an NDA, you should also have an independent contractor agreement. This specifies the details of how your cooperation will work, and should include any relevant information about the process of work (e.g. using an Agile methodology), how the team will be structured, which time zones you will be working in, what tools and technologies will be used in development, and when each phase of the work will be delivered.

The clauses that an independent contractor agreement should feature:

Services - Listing all of the services that the software house is expected to provide as part of this agreement and the outputs that will be expected from their work.

Compensation - The amount that has been agreed in full for the software house’s services. The manner in which invoices will be issued and paid, and how taxation will be handled.

Term and termination - Your contractor agreement should clearly state how long the contract is expected to last. You may also want to include a clause covering early termination by either party, clearly outlining how the handover should be managed in these instances.

Ownership - This should set out who owns the copyright in the work produced, consistent with the intellectual property rights section outlined above.

Rights applications - This reflects your obligation as the app owner to file applications for copyright, trademark, patent and other protections related to the work.

Force majeure (a.k.a. unforeseeable circumstances) - One of the main things that Covid-19 has taught us is that life doesn’t always go to plan. The same is true of software development. Sometimes there are circumstances beyond a software house’s control which prevent a certain element of the project from being delivered on time. Remember to include a mutually binding force majeure clause in your contract.

4. Privacy and data protection

Privacy is a key legal consideration in digital product development, wherever you are in the world. We always advise that you think about this from the very beginning of the app development process. Below, we outline the requirements of GDPR, which applies to all digital product owners who will be handling the data of users in the European Union. If you’re based in the States, you’ll be bound by the Children’s Online Privacy Protection Act, which we also cover below.

You should also be mindful of the data protection requirements based on the sector that you’re in - e.g. if you’re handling medical data, there will be additional requirements that you have to fulfil. If in doubt about the specific laws that you will be governed by, it’s always a good idea to get a lawyer involved.

GDPR (EU)

GDPR is a set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.

According to the official GDPR website for the EU:

GDPR is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.

So what should you do to be GDPR compliant?

In a nutshell, there are several measures that you should take to be GDPR compliant:

Children’s Online Privacy Protection Act (US) (COPPA)

According to the Federal Trade Commission:

COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

Under COPPA, you’re collecting information if you:

So what should you do to be COPPA compliant?

In a nutshell, ensure that your privacy policy reflects COPPA requirements and that you’re strictly abiding by the FTC’s COPPA Rule. It must clearly and comprehensively describe how personal information collected online from children under 13 is handled.

You might also consider getting an official COPPA certification (in the form of a stamp), which will give parents an at-a-glance view of the fact that you’re compliant.

Finally, if your target audience is children, you could consider obtaining verifiable parental consent before collecting personal data on their children, for example by requiring a government-issued ID combined with facial recognition technology.

Checklist for protecting user data from a technical perspective

Here are some practical tips for how you can manage the development and functionality of your digital product in a way that complies with the above regulations:

5. Your app’s Terms and Conditions

Unlike the Privacy Policy, the Terms and Conditions of your app are not legally required, and the App Store and Google Play Store do not ask for them. Still, it’s definitely best practice to have them.

Your terms and conditions will vary depending on the nature of your app and the country in which it will be used, but broadly the following items should be contained in them:

Basic company information

Give the name and address of your business, as well as a preferred method of contact.

Conditions of service provision

State any rules pertaining to user behaviour and accessibility of your app, including those relating to safe use.

State any copyright or intellectual property license that applies.

How to cancel/terminate an account

Highlight the instances in which you have the right to legally terminate a user account - e.g. abusive behaviour, bullying, violating rules. You should also state how a user can terminate their own account, how the refund process works, and other important points related to account termination.

Any disclaimers

Here, you’ll be looking to state that the user is using the product at their own risk and that you will not be held liable for any damages that arise from the use of your app.

Governing law

This is particularly important for owners of apps that are distributed globally. This clause tells your users what laws your Terms & Conditions will fall under if a dispute arises. Usually, this will be the place in which you’re headquartered. It will mean that if you have a dispute from a client on the other side of the world, there is no debate about which laws will be used to resolve it.

Start planning your legal documents at the start of the development process

There you have it - the key documents that you’ll need to safely launch your app into the world. We hope that our guidance will be useful in helping you prepare everything you need. And if we could leave you with one piece of advice it would be to start planning for all of these requirements from the very start of the development process. That way you won’t get halfway through building a feature only to later realise it isn’t compliant with GDPR or another legal requirement. Good luck!