On 14 March 2013, the EU data protection authorities of the Article 29 Working Party announced that they had adopted an opinion addressing the key data protection risks of mobile apps. According to the Working Party, the risks range from a lack of transparency and lack of awareness amongst app users to poor security measures, invalid consent mechanisms, a trend towards data maximization and elasticity of data processing purposes. The Working Party noted in its Opinion that many of these risks have already been examined by other international regulators, such as the US Federal Trade Commission ("FTC") and the Attorney General of the Californian Department of Justice.
The Working Party particularly focused on the obligations of app developers, like Google and Facebook, but also considered all other parties involved in the development and distribution of mobile apps in the EU, such as manufacturers of the operating system and device, app stores, and other parties involved in the processing of personal data (such as advertisers and analytics providers).
The Working Party claims that on average 1,600 new apps are added to app stores daily and 37 apps are downloaded per smart phone user. Those apps collect large quantities of data, including photographs, or use location data. The Chairman of the Working Party, Jacob Kohnstamm, said that "[t]his often happens without the free and informed consent of users, resulting in a breach of European data protection laws".
The Working Party highlighted that apps may pose significant risks to the private life and reputation of users of smart phones, and went on to say that individuals must be in control of their personal data. In some instances where the purpose of the data processing is excessive and/or disproportionate, even if the user has consented, the app developer will not have a valid ground for processing data and would likely be in violation of EU data protection laws. The Working Party said that app developers should ask for user consent before the app is able to collect, process, or store information on the mobile device.
Particular focus was given to processing data relating to children. The Working Party shares the concerns expressed by the FTC in its staff report on mobile apps for kids.
The Working Party also set out conclusions and recommendations for the various parties involved in the mobile app ecosystem to consider and implement. The Working Party called on the industry to "use [its] creative talent to deliver more innovative solutions to effectively inform users on mobile privacy." It remains to be seen how the industry will answer.