Surely by now this comes as no surprise to most (and even less to people who follow this blog closely):
a survey of over 1,200 mobile apps made by 26 privacy regulators from across the world has shown that a high number of apps are accessing large amounts of personal information without adequately explaining how people’s information is being used.
The above paragraph is posted verbatim from the news release published by the ico., the UK's data protection authority. The survey has been a conducted as a result of the work done by the GPEN, a body that incorporates several privacy authorities from across the world. I had priorly reported about the "mobile apps sweep day" by the GPEN, now the results are out.
The main takeaways are:
- 85% of the apps surveyed failed to clearly explain how they were collecting, using and disclosing personal information.
- More than half (59%) of the apps left users struggling to find basic privacy information.
- Almost 1 in 3 apps appeared to request an excessive number of permissions to access additional personal information.
- 43% of the apps failed to tailor privacy communications to the small screen, either by providing information in a too small print, or by hiding the information in lengthy privacy policies that required scrolling or clicking through multiple pages. .
The release also shows what the regulators consider good practice:
The research did find examples of good practice, with some apps providing a basic explanation of how personal information is being used, including links to more detailed information if the individual wants to know more. The regulators were also impressed by the use of just-in-time notifications on certain apps that informed users of the potential collection, or use, of personal data as it was about to happen. These approaches make it easier for people to understand how their information is being used and when.
- Into the app's settings
- Onto the app store
- Onto the app's promotional site