On May 13, 2014, the French data protection authority (“CNIL”) announced that as part of Internet Sweep day it will examine the 100 most commonly used mobile apps in France.
The CNIL has indicated that it will review whether privacy notices for these mobile apps are clear and comprehensible, effectively providing users with information about:
- the categories of personal data to be collected (such as location data, contacts and terminal identifiers);
- the purposes for which personal data are collected;
- whether personal data are transferred to third parties;
- the right of the users to object to the collection and transfer of their personal data.
This is the second Internet Sweep day organized by the Global Privacy Enforcement Network, involving the CNIL and 26 other data protection authorities (see our previous post here). The review will be conducted using a common set of criteria to provide an inventory of worldwide mobile apps’ practices.
The CNIL also announced that it may carry out formal investigations, and issue sanctions, if its initial findings reveal serious breaches of the French Data Protection Act.