DPAs demand transparency from app developers

23 privacy authorities from around the world have written to operators of app marketplaces, including Google Play and the Apple App Store, to make it mandatory for mobile app developers to post links to privacy policies prior to download if they are going to collect personal information. The letter was drafted by the Canadian and Hong Commissioners and then signed by them and commissioners from many countries including Australia, Estonia, Belgium, Colombia, Finland, France, Germany, Ireland, Israel, Italy, South Korea, the Netherlands, New Zealand, Norway and the United Kingdom.

The DPAs say that this is a follow-up initiative to their GPEN mobile app privacy sweep earlier this year (PL&B e-news 8 May 2014 and 17 September 2014).

The DPAs emphasize in an open letter to Apple, Google, Samsung, Microsoft, Nokia, BlackBerry and Amazon.com, that during the sweep ‘a particular concern was that there were numerous instances of apps which appeared to collect personal information but which did not have a privacy policy (or other up-front privacy information), thus removing the ability for individuals to be meaningfully informed when making decisions about the collection, use, and/or disclosure of their personal information. While, by our observation, most marketplaces allow app developers to include a link to a privacy policy, this did not appear to be a mandatory practice.’