Data Protection Commissioners focus on app privacy compliance

Back to articles

26 September, 2013

Jacob Kohnstamm, chairman of the CBP (Dutch Data Protection Authority), was quoted at the International Data Protection and Privacy Commissioners Conference in Warsaw on 24 September saying “Apps must comply with data protection principles. Expect enforcement”.

In addition to the clear words in his speech, Kohnstamm, as chairman of the Data Protection Commissioners Conference, issued a ‘Warsaw declaration on the ‘appification’ of society’. The Warsaw declaration contains quite clear language on how Data Protection and Privacy Commissioners see privacy in regards to apps. Below are some of the highlights of the Declaration.

Regarding the information duties of the controller, the Declaration introduces a -to me- new principle of ‘surprise minimisation’. Surprise minimisation means that apps should have “no hidden features, nor unverifiable background data collection”.  Instead, clear and intelligible information on data collection should be available for data subject, both before the actual collection starts, as well as within the app. Also, users should have the option to allow access to specific information like location data on a case-­by-case basis.

On the responsibility of the app developer and data controller, the Declaration argues that the app developer needs to ensure a clear decision is made on what information is necessary for the performance of the app and to ensure no additional personal data is collected without informed user consent. This also applies when app developers use third party code or plug ins, such as from ad networks.

Data Protection and Privacy Commissioners state that they will encourage better privacy practice by raising awareness of privacy issues with apps. However, if they find this has insufficient effect, the Commissioners “will be ready to enforce the legislation”.

Read the entire Warsaw Declaration on Appification here. 

The words of Kohnstamm and the Declaration are a clear signal that apps and data protection compliance are on the enforcement radar.

If you would like Considerati to explain privacy compliance for apps or to review an app on data protection compliance, contact us.

Martine Wubben

Senior Legal Consultant

Related blogs

Enforcement of Dutch DPA leads to extra security of medical data

GPs and pharmacists have taken measurements to protect internet connections used to send...

Read more

Will US ISPs now sell browsing habits?

News outlets around the world proclaimed the final deathblow to privacy with President Trump...

Read more

Like to be emailed about Considerati news?

Then subscribe to the Considerati Newsletter! See our privacy statement.