Privacy returned to European legislators’ agenda in yet another form last week, as the excitingly named Article 29 Working Party (A29WP for short) met to discuss, among other things, data protection practices of mobile app developers and the EU’s increasingly adversarial relationship with its bête noire, Google.
The group’s press release announcing further investigation of Google’s privacy policies, which it claimed to be deficient back in October 2012, was the biggest news to come out of the meeting. But A29WP also promised that data regulators will shortly issue an opinion on how well mobile apps currently comply with data protection laws and what needs to be done about it.
That such a statement is necessary probably suggests the answer is “not very well” and that app developers need some serious education in the field. They would be advised to start seeking it proactively if they aren’t already, because recent research by Ipsos Mori for TRUSTe shows that 79 per cent of British smartphone users avoid apps that they don’t believe protect their privacy. Two-thirds of respondents are more worried about this than they were a year ago.
Google has been receiving plenty of attention in this area too, as a result of stories about app developers being sent the contact information of people who download apps from Google Play, which is the Android mobile operating system’s app store. This happens because Android users actually buy apps directly from the developer despite using Google Play’s ‘store front’ to do it. Apple App Store customers, conversely, buy their apps from Apple, which holds onto their data.
Privacy campaigners argue that Google doesn’t explicitly tell app users that email addresses will be given to the software providers. And the fact that an app developer was the first to bring this issue to widespread attention, not wanting to handle the personal data he was being sent, suggests that indeed this is an area where more controls are needed.
Apps are often produced by small businesses and sole traders who might not have the expertise or technology to meet the requirements of data protection laws. Whether it’s at Google’s end or that of developers, something needs to change quickly to prevent consumers’ data being unduly exposed and mobile apps suffering widespread decay of trust.