Last week, the increased focus of national data protection authorities on the processing of personal data through mobile apps was again confirmed in an open letter from a group of data protection authorities.

Earlier this year, the Global Privacy Enforcement Network (GPEN, consisting of 40 national and regional data protection authorities) carried out a ‘mobile app privacy sweep’ to scrutinize organizations’ collection and use of personal data on mobile apps. The privacy sweep offered an insight into the types of permissions sought by over 1,200 of the most popular apps, and the extent to which users of the apps were informed about the privacy practices of each such app. As a result of this sweep, it was found that the information obligation in particular is rarely complied with, and that numerous instances of apps which appeared to collect personal data did not have a privacy policy or offered other up-front privacy information. It was found that not providing users with up-front information about the processing of their personal data, removes the ability for such users to make decisions about the collection, use and disclosure of their personal data.

In view thereof, an open letter addressed to operators of app marketplaces (such as Google Play, Apple App Store, Samsung, Microsoft, Nokia, Amazon and Blackberry) has been drafted by the Canadian and Hong Kong data protection authorities, and was signed by data protection authorities from 22 other countries including Australia, Belgium, France, Germany, Colombia, Ireland, Israel, Italy, the Netherlands, South Korea, and the UK.

The full letter can be found at: https://www.priv.gc.ca/media/nr-c/2014/let_141210_e.asp.