Mobile Data sweeps worldwide
May 19, 2014
Privacy regulators have undertaken a review of mobile apps. And not before time. While mobile apps are becoming a necessary part of marketing a business, accessing services and collecting data for business, they are also an easy highway into personal data for those whose motives are less than pure. App developers are often the weak link in data security.
The French Data Protection Authority reviewed 100 mobile apps during an internet sweep. This was part of a global enforcement sweep announced on May 6 (found here), which provides:
OTTAWA, May 6, 2014 — The exploding popularity of mobile applications is raising a number of privacy concerns, prompting the Global Privacy Enforcement Network (GPEN) to focus its 2014 international Privacy Sweep on mobile apps.
The Sweep from May 12 to 18, 2014, involving 27 privacy enforcement authorities from around the world, is aimed at shedding light on the collection and use of personal information on mobile apps.
“The number of mobile applications offered to consumers is growing at an astonishing rate and many of them collect a great deal of personal information,” says Chantal Bernier, Interim Privacy Commissioner of Canada.
“It is important that consumers have the information necessary to really understand what they are agreeing to when they install an app on their mobile device. App developers need to be transparent and offer clear, easy-to-understand privacy information.”
Sweep participants will be looking at the types of permissions an app is seeking, whether those permissions exceed what would be expected based on the app’s functionality, and most importantly from a transparency perspective, how the app explains to consumers why it wants the personal information and what it will do with it.
Participating authorities will look at some of the most popular apps or apps that are of particular interest in their country or region. For example, some authorities plan to focus on health-related apps or apps developed by public sector organizations.
This year, 27 authorities will participate in the sweep, compared to 19 in 2013. The GPEN initiative is aimed at encouraging organizations to comply with privacy legislation and to enhance co-operation between privacy enforcement authorities. Concerns identified during the Sweep will result in follow-up work such as outreach to organizations and/or enforcement actions.
Participants of the first GPEN Privacy Sweep in 2013 assessed the online transparency of organizations in informing consumers about their privacy practices. As part of that initiative, the Office of the Privacy Commissioner of Canada followed up with a number of organizations, including insurance companies, financial institutions and media companies, regarding their privacy policies. Many of them agreed to make significant changes to their privacy policies in order to incorporate PIPEDA requirements and suggested best practices.
The Global Privacy Enforcement Network connects privacy enforcement authorities to promote and support co-operation in cross-border enforcement of laws protecting privacy.
The results of the 2014 sweep will be compiled and we expect they will be made public by the fall of 2014.
The Australian Privacy Commissioner announced it was one of the 27 privacy authorities that will examine mobile apps to identify privacy issues (see announcement here). The real problem in Australia is that many mobile app developers are not caught by the operation of the Privacy Act. They rarely have a turnover of over $3 million. Similarly, there will be a reasonably large number of businesses which would not meet that threshold. So a data breach here, access to personal information there and misuse of that acquired information all over the place will be out of reach of the regulator. That is a very significant flaw in the law.