Mobile apps and data protection
Apps are downloadable applications for mobile devices. They vary not only in byte size but also in the level of data security they offer.
The weather app that can instantly tell you the forecast in your home town and in a selected choice of other countries may be harmless. The more significant apps can impinge on your data protection to a greater or lesser degree, by identifying your current location or by storing your personal identification number and password.
A virtual store is available – through yet another app – by means of which further apps can be purchased or, sometimes, obtained at no cost.
The popularity of mobile applications is on the rise. It has been reported that Apple recorded over 30 billion app downloads while Google reached the 20 billion app download mark in its Google Play Store. The need to consider and strengthen data protection principles becomes greater as mobile apps become more sophisticated, and more consumers access digital services from their mobile devices.
Personal data is safeguarded both at EU and at national levels through rules that protect data relating to individuals who are, or can be, identified either from such data itself or from other information that is in the possession of the processor of data.
Little do we consider whether the purchase, download or use of apps is prejudicing our privacy. Indeed, do they? Some apps deal directly, others less so, with protected data. Most often apps lead users to provide personal information, including personal data, information on the mobile’s current location, contact and calendar details, as well as access to the mobile’s camera or sound activation, all of which touch on protected data. Other apps incorporate third-party analytics or advertising platforms which, though not gathering any data directly from users, still involve transmission of personal data.
A recent report published by the European Data Protection Agency highlights the deficiencies in privacy protection by several players in the app market. The report determines that users are not adequately informed by operators in the app market as to which personal data is being collected, what the purpose of the collection of personal data is and how the data may be used.
The agency reports that the use of apps is based on trust that makes users dependent on the operators themselves to safeguard the users’ data. The report points at the uncertainty concerning the person that is responsible for the processing of personal data in the app world. This unclear division of responsibility between operators in the app market complicates the user’s right of access to personal data.
The incorporation of a clear data protection notice, either in the app itself or in the app store from which a user downloads the app, is therefore a must. Users should read these data protection notifications to be aware of the type of data that is collected by the app and to what uses the data will be put, and to make an informed decision on whether to grant consent for the collection and processing of their data. Industry-standard security practices both in the app itself and in the data storage and processing systems are also necessary. Any transmission of personal data from an app should use proper encryption methods, and so should the storage of data.
There are thousands of appealing applications. Next time you are purchasing an app, take the time to see whether your data is being adequately protected.
Dr Grech is an associate with Guido de Marco & Associates and heads its European law division.