Eu Privacy Watchdog Issues New Recommendations For App Stores Developers

Following investigations into Google and others, EU privacy watchdog group known as the Article 29 working group have today issued new guidelines for mobile app developers. The group is made up of EU data and privacy protection authorities, and the new recommendations extend to “all other parties involved in the development and distribution of apps under European data protection law.” That means Apple’s App Store, Google Play, and other app marketplaces could be affected. IDG News Service reports Apple and other mobile platform owners will have to “implement consent collection mechanisms in their OSes at the first launch of the app or the first time the app attempts to access one of the categories of data that have significant impact on privacy.”

The rest of the recommendations focus on restricting the amount of data collected from users, and the group noted that special attention has been given to apps that target kids:

Privacy risks mobile apps

Smart phones and tablets contain large quantities of intimate personal data from and about their users, such as contact details, locational information, banking details, photos and videos. In addition, these devices can record, or capture in real-time, a range of data types from a multitude of sensors including microphones, compasses or other devices used to track a user’s movement. Although app developers want to provide new and innovative services, the apps may have significant risks to the private life and reputation of users of smart devices if they do not comply with EU data protection law. Individuals must be in control of their own personal data. Therefore apps must provide sufficient information about what data they are processing before it takes place in order to obtain meaningful consent.Poor security is another data protection risk, which could lead to unauthorised processing of personal data through the trend of data maximisation and the elasticity of purposes for which personal data is being collected, such as for ‘market research’. This increases the possibility of a data breach.