European Data Protection Authorities have dealt again with privacy issues concerning the use of apps on smart phones.

Article 29 Data Protection Working Party - an independent European advisory body on data protection and privacy, set up under Article 29 of Directive 95/46/EC – adopted on the 27thof February the opinion n. 02/2013 with the purpose of warning businesses in the mobile industry that they must comply with EU Data Protection Law, including the Data Protection Directive and Section 5(3) of the E-Privacy Law, if they target apps to EU users, regardless of where the businesses are located.

The opinion sets out several sets of prescriptive but non-binding recommendations that  are aimed at app developers, app stores, OS and device manufacturers and other third parties taking part in app ecosystems.

In particular, the Working Party clarifies: the legal framework applicable to the processing of personal data in the development, distribution and usage of apps on smart devices, with a focus on the consent requirement, the principles of purpose limitation and data minimization, the need to take adequate security measures, the obligation to correctly inform end users, their rights, reasonable retention periods and specifically, fair processing of data collected from and about children.

Indeed, the European data protection authorities of the Article 29 Working Party have reported the key data protection risks of mobile apps. It is said that, on average, a smart phone user downloads 37 apps. These apps collect large quantities of personal data from the device often without the free and informed consent of users, resulting in a breach of European data protection law.  The key data protection risks to end users is a lack of transparency and awareness of the types of processing an app may undertake combined with a lack of meaningful consent from end users before that processing takes place.

Hence, the opinion 02/2013 sets out a series of recommendations in respect of app developers and all other parties involved in the development and distribution of apps under European data protection law.