Data ProtectionGamblingInternetPrivacy

Apps on Smart Devices Data Protection Obligations

Apps for smart phones and tablets collect a large number of information about users. This is why the European Article 29 Working Party issued an opinion on the obligations to be met in the processing of such information applicable to both European and worldwide entities. 

Indeed, the Working Party held that the mere presence of smart devices in the European Union makes the processing of the data collected through them subject to European data protection laws for non-European entities. Therefore apps providers wherever located in the world selling apps to European users shall comply with EU data protection laws. Moreover, the obligations set forth by the ePrivacy Directive apply to the access to any information (i.e. also information that are not personal data) in users’ devices located in the European Union by any entity wherever established.

Usually on the download of an app, users are merely informed and requested to give their consent to the collection of location data through the app. However, according to the Working Party this is not enough to comply with EU laws. Indeed, users shall be provided with a privacy policy listing all the information required by EU laws and grant a specific consent for any type of data processing (e.g. the consent to the download of the application would not suffice as a consent to the collection of location data or as a consent to the collection of contact information from the phone directory). Moreover, the collected data shall be stored in compliance with EU security requirements, cannot be transferred to third parties without the user’s consent, cannot be used for purposes other than those for which it has been collected and cannot be stored for a period longer that the one required for the purpose of the collection.

This opinion is likely to substantially change the approach by app providers and sellers on the collection of users’ data especially if it is taken into account that privacy breaches are punished with criminal sanctions in some cases.

As usual if you want to discuss about the above, feel free to contact me, Giulio Coraggio.

Don't miss our weekly insights

Show More

Giulio Coraggio

I am the head of the Italian Technology sector and the global head of the IoT and Gaming and Gambling groups at the world-leading law firm DLA Piper. IoT and artificial intelligence influencer and FinTech and blockchain expert, finding solutions to what's next for our clients' success.

Related Articles

Back to top button