Mobile apps and privacy challenges

The WSP reports that most mobile apps don’t respect users’ privacy. The Global Privacy Enforcement Network (GPEN) undertook last May a second privacy sweep demonstrating the ongoing commitment of privacy enforcement authorities to work together to promote privacy protection around the world. It is reported that some 26 privacy enforcement authorities in 19 countries participated in the 2014 Sweep.

What are the results of this Sweep? 60% of apps raised privacy concerns, mainly because of the following there issues: mobile app providers don’t disclose how they use personal information; they require that users give up an excessive amount of personal information as a condition of downloading the app (which would be illegal under Canadian data protection laws unless the app is free – see  OPC decision on Facebook and the legality of sponsored services); and their privacy policies were rendered in type too small to be read on a phone’s screen.

Conveying privacy information to mobile app users can be challenging given the small screens of the devices and the very limited attention of users when downloading an app.

The Office of the Privacy Commissioner of Canada, who participated in the Sweep and focused on 151 apps that were either made in Canada or were downloaded frequently by Canadians, recently issued its results and published this month its “Ten Tips for Communicating Privacy Practices to Your App’s Users”.

The guide includes, as a first step, being transparent: making sure the information clearly comes from the mobile app provider, that the information is specific as well as drafted in a manner that comprehensible to the target audience and tailored to the environment (i.e. small screen). As a second step, the guide suggests that mobile app providers should explain which type of information is collected and used. This would include the type of permission it seeks and the type of information it gathers through social media, for instance, when users are asked to log-in using a Facebook, twitter or other social media account. Mobile app rpoviders should ensure to obtain the necessary consent, not only to “access” certain information, but also to collect, use and disclose it. As a third step, the guide encourages mobile app providers to keep privacy information accessible, in some situations by making available information pertaining to its privacy practices directly in the app (by providing a link to a privacy polciy, etc.), or even by allowing users to re-visit the information.

This guide is timely, since there has been a lot of media attention (French media) this week pertaining to privacy concerns with mobile apps.

 

This content has been updated on September 13, 2014 at 8 h 30 min.