France's CNIL Bows Privacy Guide for Mobile App Designers; Enforcement Coming
French data protection authority CNIL unveiled final recommendations aimed at helping mobile app designers include better privacy protections in their products, and said it would start enforcing them this year.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The mobile environment poses greater risks to data confidentiality and security than the web, CNIL said. Apps have more access to more varied and sometimes more sensitive data, such as real-time location and health information. In addition, permissions required from users to access functions and data on their devices can be extensive. Moreover, there are many stakeholders involved in the operation of a single application, so they're more likely to collect or share personal data.
CNIL's recommendations for better General Data Protection Regulation compliance apply to all involved in developing and making available mobile apps, including publishers, developers, software development kit providers, operating systems providers and application store providers.
The recommendations are intended to clarify each stakeholder's role; help stakeholders improve user information on the use of their data; and ensure that consent is informed and unforced, the watchdog said.
Among other things, the recommendations offer advice and best practices to ensure that users understand whether the permissions requested are actually necessary for an app to function. Applications must obtain consent to process data that's not necessary for their operation, CNIL noted.
The authority said it will now provide compliance support to the industry through webinars. Starting this spring, it will launch an investigation campaign on mobile applications to ensure compliance.