Mobile apps privacy scrutinised by data protection authorities

The UK's Information Commissioner's Office (ICO) confirmed that the thirty regulators, under the auspices of the Global Privacy Enforcement Network, had undertaken a review of "popular and significant apps in their jurisdiction". The results of the study are to be published in the autumn.

"We were all looking at the types of permissions an app is seeking and whether those permissions exceed what would be reasonably expected based on the app’s functionality," Steve Eckersley, head of the ICO's enforcement team, said in an ICO blog. "We also looked at how the app explains to consumers why it wants the information and what it will do with it."

"It was an interesting piece of work, and I’d expect that bringing together the results from around the world will paint an illuminating picture. There’ll also be follow-up work around contacting specific organisations where we haven’t been impressed by their response," he said.

In December last year the ICO issued new guidance on privacy in mobile apps. In it, the watchdog suggested software developers could deploy "just-in-time notifications" to inform users about the imminent processing of personal data in their apps.

Pop-up disclosures were one way companies could explain to users how they plan to use their personal data, and could help them meet the legal standard for obtaining consent to such activity under the Data Protection Act (DPA), the ICO said. It warned businesses that traditional ways of presenting information to customers about their privacy may not be suitable for a mobile environment.