Data protection with mobile apps

As part of a global body, 26 privacy regulators from across the world have surveyed 1,211 mobile apps to investigate the transparency of their privacy practices. Of those, the UK’s Information Commissioner’s Office (the ICO) was responsible for studying 50 of the top apps released by UK developers.

Out of the results, most notable was the finding that 85% of the apps failed to clearly explain how they collected, used and/or disclosed users’ personal information. This is particularly concerning because, in most jurisdictions, there is a requirement that users provide informed consent – which means that they must understand what/when data will be collected and what will happen to those data once collected. However, beyond permission being requested (e.g. to use location data), 30% of the apps actually failed to provide any privacy information at all. While many app developers may believe that privacy concerns are not a serious issue, in an era when (in the UK at least) the ICO is increasingly seeking criminal convictions and handing out substantial fines for breaches of the UK’s Data Protection Act (the DPA), such lack of concern is worrying.

While (for the present) privacy policies are not mandatory in the UK, they can provide a useful method for app developers to ensure that they comply with their obligations under the DPA. As such, Briffa recommends that its clients use them in most apps – although this may in conjunction with a more nuanced approach (e.g. providing the basic details to users with a link to your privacy policy for those users who want a more rounded explanation).

For those developers who wish to know more, the ICO has published free guidance for app developers. Alternatively, give one our data protection experts a call on 0207