The Office of the Data Protection Commissioner (ODPC) recently released the results of the second Global Privacy Sweep. Twenty-six privacy enforcement authorities, including Ireland, participated in the Sweep, which examined 1,211 apps. The theme of the Sweep, Mobile Privacy, was chosen due to many privacy enforcement authorities having identified mobile apps as a key area of focus in light of the privacy implications for customers.
The results of the Sweep provide an insight into the extent to which organisations are informing consumers about their privacy policies. The Sweep shows:-Three-quarters of apps requested at least one permission, the most common being location, device ID, access to other accounts, camera and contacts. In 59% of apps, it was difficult to find any privacy related information prior to installing the app. 31% of apps sought access to information that exceeded the functionality of the apps. 43% of apps did not tailor privacy communications to the small screen. Privacy policies were in small print and lengthy, requiring scrolling and/or clicking through multiple pages. Only 15% of apps provided a clear explanation of how it would collect, use and disclose personal information.
The ODPC in Ireland examined 20 apps, 55% of which were allocated a score of 2, meaning that privacy information only partially explained the app's collection, use and disclosure of personal information, with questions remaining in respect of some of the permissions requested.
The results highlight the importance of app developers being transparent when communicating privacy practices to app users. App developers must provide clear information, which is easily readable, explaining why data is being collected, and how it will be used, priorto users downloading the app, and provide links to privacy policies that are tailored to the app itself. Where possible, pop-ups and just-in-time notifications should be used informing users of potential collections, or uses, of personal data.
For tips on how to comply with data protection law and guarantee users’ privacy, when developing mobile apps, see my recent article Developing Mobile Apps: How to be privacy savvy published in a recent edition of the Data Protection Ireland journal.