On December 9, 2014, a joint open letter (“Letter”) was issued to the operators of seven (7) app marketplaces, urging them to “make the basic commitment to require each app that can access or collect personal information, to provide users with timely access to the app’s privacy policy.” Although the Letter was sent to Apple, Google, Samsung, Microsoft, Nokia, BlackBerry and Amazon.com, the Office of the Privacy Commissioner of Canada (“OPC”) explains that it is intended for all companies that operate app marketplaces.

The Letter was issued by twenty-three (23) privacy enforcement authorities worldwide including authorities in Canada, France, Hong Kong, Israel, Italy, China, Korea, and UK, following the second annual Global Privacy Enforcement Network (“GPEN”) Privacy Sweep (“Sweep”), which took place May 12 to 18, 2014. During the Sweep, twenty-six (26) privacy enforcement authorities from around the world assessed more than 1,200 mobile apps. OPC announced that there were serious concerns about mobile apps and highlighted only twenty-eight percent (28%) of apps provided a clear explanation of their collection, use and disclosure of personal information policies and nearly one-third of the apps contained various privacy communications that were not clear to the Sweep participants.

While the Letter acknowledges that app developers are responsible for communicating their privacy practices, it emphasizes app marketplace operator’s unique and integral role in users’ interactions with mobile apps, which are made available through various app stores and app marketplaces. Accordingly, the Letter urges that app marketplaces require privacy practice information, such as privacy policy links for apps that collect data, to be available to users so that users are “meaningfully informed regarding the collection and use of their data before making the decision to download the app.” 

See also the Ten Tips for communicating their privacy practices effectively with users issued by OPC.