
Apps and privacy

2 December 2014

Regulators in a number of countries have recently stepped up their investigations into the transparency and privacy compliance policies of mobile applications, from which we can draw a number of conclusions.

In August 2014, the Federal Trade Commission (FTC) produced a staff report on mobile shopping apps which found that disclosures to consumers are lacking and in particular that consumers were “left in the dark about their potential liability for erroneous or unauthorised charges or about the way shopping apps handle their data”.

The Global Privacy Enforcement Network (GPEN) carried out a global privacy sweep in the Autumn of 2014 whereby 26 regulators in 19 countries assessed over 1,200 mobile apps and found that 85% of them failed to provide basic privacy information.

Of the 1,200 or so apps surveyed, only 15% had transparent privacy information, over 30% requested more information than was necessary for the purposes of using the app, and almost 60% failed to meet basic data protection principles.

The FTC Report, coupled with guidance from the Information Commissioner’s Office and an opinion from the Article 29 Data Protection Working Party, provides practical advice and tips as follows:

  • apps should make clear consumers’ rights and liability limits for unauthorised, fraudulent, or erroneous transactions
  • apps should be clear and transparent about what personal data is being collected and processed and why
  • companies should adhere to the principles of data protection as regards transparency, accountability, security and limitations on use, as well as collecting no more data than is necessary and retaining personal data no longer than is necessary
  • individuals should be given clear information in plain language about their privacy rights
  • apps should be developed on the principles of privacy by default and privacy by design
  • consent and marketing permission procedures should be simple and easy to use
  • apps should empower consumers to manage their privacy preferences in real time
  • consent and permissions should not be a one-time-only process.

The increasing attention of regulators to apps and other online services as regards consumer rights and privacy raises the likelihood of more enforcement action, more fines and more loss of trust.

This article was written by Robert Bond.

For more information contact Robert on +44 (0)20 7427 6660 or robert.bond@crsblaw.com