20: Survey finds 85% of mobile apps fail to provide basic privacy information
A recent survey of over 1,200 mobile apps by the Global Privacy Enforcement Network (GPEN), which represents privacy regulators from across the world, has shown that a high number of mobile apps are failing to meet even basic privacy requirements.
85% of the apps surveyed failed to clearly explain how they were collecting, using and disclosing personal information.
More than half of the apps left users struggling to find basic privacy information.
Around half of all app users have decided not to download an app due to privacy concerns at some time.
43% of the apps failed to tailor communications appropriately to the small screen, either by using print that was too small or by hiding information in lengthy privacy policies that required scrolling or clicking through multiple pages.
Almost 1 in 3 apps required excessive numbers of permissions to access additional personal information.
GPEN also found examples of good practice, such as apps which provide a basic explanation of how personal information is being used (including links to more detailed information if the individual wants to know more) and which use “just-in-time” notifications that inform users when collection, or use, of personal data is about to happen. These approaches make it easier for people to understand how their information is being used and when.
A spokesman for the Information Commissioner’s Office (ICO) said:
“Apps are becoming central to our lives, so it is important we understand how they work and what they are doing with our information. Today’s results show that many app developers are still failing to provide this information in a way that is clear and understandable to the average consumer.”
The ICO will be contacting non-compliant developers to seek assurance that they are taking steps to help people protect their information when using mobile apps.
The ICO has published guidance covering user notices, consent and just-in-time notification, as well as sharing of data with third parties and the importance of a privacy impact assessment, together with examples of good and bad practice. The guidance is well worth reading for both developers and users of smartphones and mobile apps to help them understand how to protect their privacy.
TOP TEN TIPS TO ENSURE YOUR MOBILE APP IS DATA PROTECTION COMPLIANT:
- Don’t hide information away in the small print: provide a clear and simple explanation of how personal information is being collected and used, and include a link to more detailed information if the individual wants to know more.
- Where multiple reminders may cause an interruption to the user experience, provide a clear icon to ‘remember this option’ for users to access the disable options in the settings page.
- Use just-in-time notifications to inform users of the potential collection, or use, of personal data as it is about to happen and include a clear ‘cancel’ option.
- Provide a clear indication of which external sites the user can upload the data to at the end of the activity. Ensure that it is clear that there is no obligation to upload anything.
- Provide users with an easy option to use the app without linking with a social networking site or automatically posting their recent activity.
- Always make it clear when geo-location services are accessing the current location.
- When uploading location data, allow the user to ‘blur’ the location by, for instance, only naming the nearest town.
- Provide simple means (an easily recognisable icon) to access the settings to configure or to view current permissions.
- Provide a simple interface to remove or hide uploaded activities which the user no longer wants public.
- Provide a simple means to immediately and irretrievably delete activities the user no longer wishes to keep (e.g. a delete button next to each activity in the ‘history’ tab).
22 September 2014