In April of 2016, the EU Parliament passed the General Data Protection Regulation (GDPR), an act that was designed to harmonize data privacy laws across the European Union (EU). The GDPR provides requirements for the lawful processing of EU Personal Data, including requirements related to data privacy, consent, and digital services, and goes into effect on May 25th, 2018. GDPR generally applies to the processing of EU Personal Data, and it may apply to you or your company even if you are not in the EU. Data protection authorities may issue fines up to 4% of annual global turnover or €20 Million, whichever is greater, for non-compliance. Garmin wants to share this information, including the reminders of developers’ obligations, with our developer community as a courtesy. This isn’t legal advice - this is a developer blog after all - and we encourage you to consult with your legal counsel for guidance.
Connect IQ is a global platform, and, as stated in the Connect IQ license agreement, developers are responsible for their apps’ compliance with all applicable laws, including those related to data protection and privacy. Specific responsibilities related to privacy can be found in Section 2 of the Connect IQ license agreement. Developers should review the GDPR to determine what obligations they may have under the GDPR. These obligations may include the following:
- Asking for consent for collection of Personal Data
- Providing access to information on what Personal Data concerning them is being processed, where, and for what purpose
- Providing access to any Personal Data collected from them free of charge
- Ability for a user to erase their identity, including the ability to halt third party processing of Personal Data
If your solution collects Personal Data in any way, including using the Communications permission to collect or retain Personal Data (potentially in conjunction with Sensor, Sensor History, or Position permissions) or using any other mechanism, you are responsible for ensuring that your solution is in compliance with the GDPR on or before May 25, 2018.
You may now resume your regularly scheduled programming.