Apps for ‘smart devices’ are the focus of the latest Opinion from the Article 29 Working Party. The Opinion reminds app developers of the risks that they run and includes a series of recommendations.
The Opinion’s general approach is illustrated by this extract:
‘App developers unaware of the data protection requirements may create significant risks to the private life and reputation of users of smart devices. The key data protection risks to end users are the lack of transparency and awareness of the types of processing an app may undertake combined with a lack of meaningful consent from end users before that processing takes place. Poor security measures, an apparent trend towards data maximisation and the elasticity of purposes for which personal data are being collected further contribute to the data protection risks found within the current app environment.
A high risk to data protection also stems from the degree of fragmentation between the many players in the app development landscape. They include: app developers; app owners; app stores; Operating System and device manufacturers (OS and device manufacturers); and other third parties that may be involved in the collection and processing of personal data from smart devices, such as analytics and advertising providers.’
The Working Party’s Opinion clarifies the legal framework applicable to the processing of personal data in the development, distribution and usage of apps on smart devices, with a focus on the consent requirement, the principles of purpose limitation and data minimisation, the need to take adequate security measures, the obligation to correctly inform end users, their rights, reasonable retention periods and specifically, fair processing of data collected from and about children.