Many mobile apps fail to provide basic privacy information

A privacy sweep conducted by 26 Privacy Commissioners around the world reveals that 85% of the apps surveyed failed to clearly explain how they were collecting, using and disclosing personal information (sweep announced in PL&B international e-news 14th May 2014). In the UK, the Information Commissioner’s Office examined 50 of the top apps released by UK developers, including ITV Player, BBC Weather, Google Earth, Gumtree UK, Argos and Vodafone Select. The ICO says that the more well-known apps released by the bigger studios generally performed better than apps developed by smaller teams.

ICO Group Manager for Technology, Simon Rice, said: “The ICO and the other GPEN members will be writing out to those developers where there is clear room for improvement. We will also be publishing guidance to explain the steps people can take to help protect their information when using mobile apps.”

In the global survey:

• for nearly one-third of the apps (31%), sweepers could not understand – after reading the app’s various privacy communications and given what they knew about the app’s function – why it needed access to certain information

• some 43% of apps did not tailor privacy communications to the small screen. The Regulators note that small print and lengthy privacy policies that required scrolling or clicking through multiple pages were cumbersome. However, the GPEN regulators who performed the sweep were impressed by the use of just-in-time notifications on certain apps that informed users of the potential collection, or use, of personal data as it was about to happen.

The Privacy Commissioner of Canada, who coordinated the global survey, praised Shazam and Trip Advisor City Guides for their privacy policies and the way in which they presented them on mobile apps.

The Global Privacy Enforcement Network (GPEN) was established in 2010 upon the recommendation of the Organisation for Economic Co-operation and Development. Its aim is to foster cross-border cooperation among privacy regulators. Results of the GPEN sweep can be seen here and here.