On September 10, 2014, the Global Privacy Enforcement Network (“GPEN”) published the results of an enforcement sweep carried out in May of this year to assess mobile app compliance with data protection laws. Twenty-six data protection authorities worldwide evaluated 1,211 mobile apps and found that a large majority of the apps are accessing personal data without providing adequate information to users.
The results indicate that:
- 85% of the mobile apps surveyed failed to provide clear information on how the apps collect, process and disclose user data;
- In 59% of the cases, it was difficult to find information about privacy prior to installing the app;
- 31% of the mobile apps appeared to request excessive access to personal data (e.g., geolocation data); and
- 43% of the privacy notices were not tailored to the size of mobile device screens (e.g., the text is too small to read).
In light of these results, the data protection authorities that participated in the sweep are likely to launch enforcement actions in their jurisdictions. For instance, the Belgian data protection authority announced that it would contact certain stakeholders and, where severe breaches are identified, send cease and desist letters or notify other relevant enforcement authorities.