By Steve Eckersley, Head of Enforcement.
When we published our data protection guidance for app developers just before Christmas, I was shocked to see that half the people surveyed about apps had decided not to download one due to privacy concerns.
That figure is sure to be a concern for legitimate app developers, who can ill afford to be losing half of their target audience. But it’s a concern too for data protection regulators: here’s an industry in its formative years that is already raising privacy concerns.
The issue is an international one – many mobile apps are developed abroad, and many sold to a domestic audience from abroad, and so it was an ideal subject to address through the Global Privacy Enforcement Network, of which the ICO is a member.
The group exists to encourage privacy authorities from around the world to work together more closely. You may remember last year we were part of the group’s study of privacy policies, which revealed significant shortcomings on some websites.
This year the focus is on mobile phone apps. Thirty authorities, including the ICO, took part by reviewing popular and significant apps in their jurisdiction.
We were all looking at the types of permissions an app is seeking and whether those permissions exceed what would be reasonably expected based on the app’s functionality. We also looked at how the app explains to consumers why it wants the information and what it will do with it.
It was an interesting piece of work, and I’d expect that bringing together the results from around the world will paint an illuminating picture. There’ll also be follow-up work around contacting specific organisations where we haven’t been impressed by their response.
Like last year, we’ll blog again in the autumn to update you on the results. In the meantime, guidance to help developers look after people’s information correctly remains a crucial read.
Last updated 29/05/2014 14:10
Steve Eckersley leads the ICO’s Enforcement Team. Its aim is to take purposeful risk-based regulatory action where obligations are ignored, examples need to be set or issues need to be clarified, based on the ICO’s Regulatory Action Policy.