EU watchdog tightens privacy rules governing mobile apps


The Article 29 Working Party, a watchdog made up of the European Union’s top privacy protection groups, today issued a set of new recommendations aimed at app developers and the tech giants that run mobile application stores, in the latest attempt to bring order to how your apps handle your private information.

The new set of more detailed recommendations arrives following the recent EU probe into the privacy practices of Google and other tech firms.

The United States Federal Trade Commission set out a similar set of guidelines last month, so the EU’s new recommendations could have serious ramifications for how Apple’s App Store, Google’s Play Store and other application stores operate…

According to IDG News Service, the EU watchdog wants app store owners to “implement consent collection mechanisms in their OSes at the first launch of the app or the first time the app attempts to access one of the categories of data that have significant impact on privacy”.

These new guidelines require app makers to ask for consent for each type of data accessed, including location, contacts, payment data, browsing history and social network credentials, warning that even consent “does not legitimize excessive or disproportionate data processing,” IDG News Service explains.

According to the guidelines:

The default settings must be such as to avoid any tracking. Third parties must not circumvent any mechanism designed to avoid tracking, as it currently often happens with the ‘Do Not Track’ mechanisms implemented in browsers.

On average, the document claims, a smartphone user downloads 37 apps, with most software collecting large quantities of personal data from the device without you ever realizing it.

Chairman of the Article 29 Working Party, Jacob Kohnstamm, notes that “this often happens without the free and informed consent of users, resulting in a breach of European data protection law.”

Special attention is paid to apps targeting children, the group writes.

In addition to following guidelines to comply with EU data protection laws, app developers should specify an inactivity period after which a user's account will expire, so apps you no longer use cannot suck your data into the cloud.

It will be interesting to see how Google and Apple, who host the vast bulk of mobile apps in use today, respond to these recommendations. Apple, for its part, bolstered privacy features with the introduction of iOS 6 in September 2012.

Apps that want to access on-device photos, contacts and other private data must first obtain explicit user permission via standard iOS dialogue boxes.

Apple’s latest mobile operating system, which powers iPhones, iPads and iPods, additionally features per-app toggles in the Privacy pane of Settings to control which third-party software is granted access to location services, contacts, calendars, reminders, photos, Bluetooth sharing, Facebook and Twitter.