How to Build Legal-compliant and User Privacy-centric Mobile and Web apps


A recent report published by Google and the International Finance Corporation shows that there are approximately 700,000 developers in Africa. More than half of these developers are concentrated in five countries: Kenya, South Africa, Morocco, Egypt, and Nigeria, with the majority coming from Kenya and Nigeria.

This explains the rapid adoption of technology and the emergence of thousands of new startups in Africa. As expected, most if not all modern startups exist in the form of web or mobile apps. This cuts across all sectors, from Nigeria’s fintech Flutterwave to the Kenya-based sexual health education app Miss SophieBot.

We expect more apps in the near future, since most developers think every problem can be solved by an app. However, building a successful tech-based startup takes more than just coding. In fact, coding is only the elementary stage of building a startup. Some startups exit the market because of poor marketing and financial constraints. Other common reasons for market exit include legal consequences, such as a breach of the user data privacy policy.

Building user privacy-centric apps

While some users ignore the privacy policy and simply click “I agree” to the terms and conditions, the policy still matters a great deal everywhere else. Collecting and using user data while complying with privacy laws is a big challenge even for big tech.

A good example is accessing Google or Twitter APIs or publishing an app on Google Play: the developer is required to provide a link to the terms and conditions of use along with the user data privacy policy.

Early last month, Italy joined France and the Netherlands, among other European Union countries, in banning Google Analytics. The Italian Data Protection Authority banned Google Analytics for sending users’ data to the US without the supplementary protection measures required by the European Union.

Closer to home, Safaricom has been forced to restructure its M-Pesa Daraja API. The new API redacts users’ phone numbers and names in compliance with the Data Protection Act 2019. The law requires organizations handling payment data to minimize the use and transfer of sensitive customer data, such as names and phone numbers, during the processing of a transaction.

Being law-compliant

According to Masibo Law, a popular law firm specializing in user data privacy, a privacy-centric design simplifies everything. It means putting the user first and helping them understand the privacy implications of using your app or product. It also means managing their data in a way that gives them control over how it is used.

For instance, users deserve to know why they should allow an app to access their location. A more practical approach would be to periodically let users choose how their data should continue to be used.

It is also important to be clear with users about third-party access. This means stating whether and how their data will be shared with third parties, and obtaining users’ consent for this precisely and carefully.