Europe: Mobile apps rarely compliant with basic EU data protection consent rules


Mobile apps may, and frequently do, have access to a lot of personal information. This personal information can include one’s contact list, location, calendar and photos. Through social network integration, this includes access to even more information.

Mobile app providers, however, tend to forget applying some basic principles of European data protection legislation, such as asking the customer for informed consent before downloading the app.

Research on attitudes conducted by the European Commission shows that a majority of consumers are concerned about how companies use their personal information. Such attitudes have been cited by the Commission in its reform towards new EU data protection rules.

For mobile app publishers, which includes many consumer facing companies who offer mobile apps for their customers, complying with current EU data protection law poses a significant challenge. European data protection law imposes that a data subject gives unambiguous consent to the processing of his or her personal information by a mobile app, since other grounds for legitimate processing under the law (e.g. in the performance of a contract) are usually not applicable. Such consent must be given freely, be explicit and informed, rather than assumed.

When considering to download a mobile app, it is usually arduous to learn how data will be processed by the app. Some apps require the creation of an account, which usually includes the agreement to terms of service and a privacy policy. Signing up for an account creates in such cases the possibility to learn how personal data will be processed before agreeing. For other apps however, the options available to someone who is concerned about how personal information will be processed are usually limited. One option is to identify the app publisher’s website and hunt for the applicable privacy policy, if available. Another option is to download the app first, to see if the app contains additional privacy related information on how information is processed, or to be more precise, was processed after the fact.

Mobile app stores enable app publishers to provide a privacy policy when submitting an app. The Apple App Store even requires a privacy policy for certain apps, according to its Developer Guide, namely for those apps that offer auto-renewable or free subscriptions. However, for most apps on the Google Play store and the Apple App Store, submitting a privacy policy is optional and few apps do.

The current practice for app publishers on mobile applications stores is mostly not to provide a privacy policy. Depending on the type of personal information collected and the purposes of the processing, such an approach may be questioned from a compliance point of view to European data protection law, especially in light of the forthcoming new EU data protection regulation. On the other hand, currently accepted practices in the mobile app market do not tend towards providing privacy policies in app descriptions. It therefore remains to be seen how accepted market practices for mobile app publishers will evolve in the near future.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© DLA Piper | Attorney Advertising

Written by:


DLA Piper on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.