Global survey finds 85 per cent of mobile apps failing on data privacy

This article was produced by Nabarro LLP, which joined CMS on 1 May 2017.

Summary and implications

A global survey published by the Global Privacy Enforcement Network (GPEN) has found an alarming degree of data privacy failings amongst mobile apps. The survey, whose findings were published in the UK by the Information Commissioner’s Office (ICO) on 10 September are a wake-up call to both business and consumers.

What is GPEN and what did the survey look at?

GPEN was set up in 2010 on the recommendation of the Organisation for Economic Co-operation and Development (OECD) and comprises the leading data privacy regulators across the world. GPEN looked at a total of 1,211 of the leading mobile apps worldwide. The ICO, as a member of GPEN, looked at 50 of the top mobile apps released by UK developers.

Key findings from the survey

The survey highlighted the following key findings:

• 85 per cent of the mobile apps surveyed failed to clearly explain how they were collecting or using personal data.
• 59 per cent of mobile apps led to users having great difficulty in finding basic information on its data privacy practices.
• 43 per cent of apps did not amend their privacy notices for a mobile screen (meaning that users struggled to read content on their mobiles).
• Almost one third of mobile apps requested an excessive number of permissions to access additional personal information.

What does this mean for business?

The next step is for the GPEN members to write to those developers where “there is clear room for improvement”. The ICO has also mentioned that it will be publishing guidance for consumers to help protect their information when using mobile apps. Going forward, it is imperative that businesses looking to develop or use mobile apps consider data privacy issues from the outset.