The system must request the user’s consent whenever it will collect any
information about them or their actions.
This consent should not be requested before informing the user about the types
of data that will be collected and the purpose for which they will be
Systems usually request information from their users or collect it based
on their interactions with the application.
Regulations demand that none of these collections occur without the user’s
consent, that this consent be demonstrable afterwards and that it only be
requested after having informed the user of the types and purposes of data
Therefore, consent must always be requested in a clear manner and using an easy
to understand language before collecting any personal information.
V10.2 Malicious Code Search.(10.2.1)
Verify that the application source code and third party libraries do not
contain unauthorized phone home or data collection capabilities.
Where such functionality exists, obtain the user’s permission for it to operate
before collecting any data.