It’s quite common, and even expected, for apps and online services to collect some type of personal information from users, ranging from names and emails to log and device information. Users have some expectations of privacy so that personal information isn’t used in unauthorized or annoying ways. But the reality is such that online service providers require users to relinquish at least some identifiable information for marketing, research and development, and strategic partnerships. This information is collected automatically by online service providers or is voluntarily provided by users (though most likely a combination of both).
Types of information that online service providers typically collect from users:
- Any information users provide when they register for a new account, such as name, email address, or telephone number;
- Information users provide in order to purchase products or services such as credit card numbers and shipping or billing addresses;
- Profile information that is created by users, which may include a username and photo;
- Information automatically collected from use of online services, such as device specific information (hardware model, operating system version, unique device identifiers, and mobile network information);
- Log information, such as search queries, how services were used, internet protocol addresses, telephony log information, cookies, and device event information such as crashes, system activity, hardware settings, browser type, browser language, and the date and time of a user’s request and referral URL;
- Location information, including IP address, GPS, and other sensors on nearby devices like cell towers and Wi-Fi access points;
- Local storage that a service provider stores locally on a users’ device using browser web storage (including HTML 5) and application data caches; and
- Cookies and other anonymous identifiers that are collected when a user visits or interacts with an online service provider’s site.
Read on California Consumer Privacy Act to get a better view on what obligations these companies have when collecting user information from California residents.
How user information is typically used by online service providers:
App developers and online service providers typically collect personal and anonymous user information to provide, improve, and develop services or products. However, they may also use such information for other (sometimes nefarious) purposes. The following is a non-exhaustive list of ways that app developers and online service providers use the personal and non-personal information that they collect from users:
- Providing tailored content to users, such as delivering more relevant ads or search results;
- Using a username or any other identifier a user provides in association with a profile that the user creates, which may be private or publicly available to other users;
- Displaying photos or other media that you provide in content feeds or within a service’s advertising;
- Communicate with users about technical issues and product or service questions;
- Improve user experience of a website or app. Users sometimes have the option of setting account preferences, which may change the appearance, subject matter, and frequency of ads or other content on a site or app;
- Provide personally relevant product features such as customized products, tailored advertising, and spam and malware detection; and
- Combine user information from one service with another service to make it easier to access a users’ network and to share content between services.