Compliance with the privacy policy of the API licensor is an important term and condition of using the API. If the licensor is bound by privacy rules and is not allowed to retain private data, then the licensee should be prohibited from retaining data as well. Twitter is a good example. According to the Terms of Use, a developer cannot retain and republish deleted Tweets. Twitter recently shut down “Politwoops”, an account run by a not-for-profit organization dedicated to political transparency, because the retention and republishing of deleted tweets violated the developer (API) agreement.
In addition to privacy and data retention restrictions, the article discusses data security: whether the developer is able to retain some data and, if so, how it will keep that data secure and in compliance with the licensor’s data security policies.
The article also stresses that it is important to understand the extent to which a licensee can distribute the API platform’s data. For example, using a platform API feed to display platform content in a window on a licensee’s own site, as opposed to cherry-picking posts and republishing them, may or may not be authorized. Finally, the article points out that it is important for the licensee to obtain consent from the platform’s end-users, because even if end-users gave consent to the API licensor to use the material they generate on the site, this consent may not extend to an API licensee.
Takeaway:
- Developers must understand and comply with the privacy and data use policies of the API licensor. Failure to do so may result in loss of access to the API, with the resulting removal of the app from the site.