Global Privacy Sweep Raises Concerns About Mobile Apps

September 10, 2014
Clear, concise privacy language builds consumer trust and is good for business, according to privacy authorities that took part in this year’s global sweep of more than 1,200 mobile apps.

As mobile apps explode in popularity, many of them are seeking access to large amounts of personal information without adequately explaining how that information is being used, participants in the second annual Global Privacy Enforcement Network (GPEN) Privacy Sweep found.

Alberta joins GPEN Sweep

The Alberta Office of the Information and Privacy Commissioner (OIPC) participated in the GPEN Sweep for the first time this year. “Knowing how your personal information is used and shared is key to protecting your privacy,” says Brian Hamilton, Director of Compliance and Special Investigations with the Alberta OIPC. “By joining in this year’s international Sweep we hope to raise awareness among Alberta app developers and mobile device users of the importance of clear privacy statements in mobile apps.”

The Alberta OIPC examined 21 Alberta-based mobile apps in the private, public and health sectors.

International Sweep

The results of the Internet Sweep offer some insight into the types of permissions some of the world’s most popular mobile apps are seeking and the extent to which organizations are informing consumers about their privacy practices.

In total, 1,211 apps were examined. They included a mix of iOS and Android apps (Alberta OIPC also examined Blackberry apps), free and paid apps as well as public sector and private sector apps that ranged from games and health/fitness apps, to news and banking apps.

Participants looked at the types of permissions apps were seeking, whether those permissions exceeded what would be expected based on the apps’ functionality, and most importantly, how the apps explained to consumers why they wanted the personal information and what they planned to do with it.

The results from Alberta are generally in-line with international findings. Some Alberta-based apps do a good job of explaining why apps need to access personal information on devices, such as location and contacts. However, 10 of the 21 Alberta-based apps provided an inadequate privacy notice or no notice at all. The names of the Alberta apps that were reviewed are not being made public at this time, as this was not a formal investigation. Hamilton says, “We will be writing to those app developers where we noted room for improvement and will be giving kudos to those that did a great job.”

The Sweep, which took place May 12 to 18, 2014, involved 26 privacy enforcement authorities from around the world, up from 19 international participants during last year’s inaugural event. The growth of this year’s Sweep shows privacy enforcement authorities are more committed than ever to working together to promote privacy protection.

The GPEN initiative is aimed at encouraging organizations to comply with privacy legislation and to enhance co-operation between privacy enforcement authorities. Concerns identified during the Sweep will result in follow-up work such as outreach to organizations, deeper analysis of app privacy provisions and/or enforcement action.