Under the auspices of the Bavarian state data protection authority, the so-called Düsseldorfer Kreis (an association of all German data privacy regulators for the private sector) published guidelines for developers and providers of mobile apps on June 23. Because mobile applications are increasingly becoming a focus of regulators, the guide sets out the data privacy and technical requirements for app development and operation, and provides practical examples.
In spring, the Bavarian data privacy regulatory agency randomly selected 60 apps for closer examination. In the process, the agency looked at privacy notices and compared them with the type of data that, at first glance, was transmitted. In its conclusion, the agency noted that “every app provides some data privacy information, but that this information cannot be adequately reviewed.” Based on this finding, the agency examined 10 apps more closely, and subsequently created an orientation guide for app developers and app providers.
Among other things, the 33-page guide addresses the applicability of German data privacy laws, the legal grounds permitting the collection and processing of personal data in the context of operating a mobile application, technical data privacy, and the notification obligations the app provider must meet. In addition to the legal notice, the latter include an app-specific privacy statement and other legal obligations.
With regard to app development, the guide of the German DPAs recommends using data privacy default settings (“privacy by default”) to ensure that the app can later be offered without deficiencies in data privacy.
Regarding technical data privacy, the guide elaborates on secure data transmission, as well as the application’s access to the location data of the respective device.
In addition to the above aspects, the guide addresses specific issues arising during the development of mobile applications, such as the integration of functions for payments or apps for young people and children.
Going forward, regulators can be expected to pay even closer attention to infringements related to apps, and to initiate procedures to impose fines. The guidelines are a must-read for every app developer making apps available in Germany and throughout Europe.