Under the auspices of the Bavarian state data protection
authority, the so-called Düsseldorfer Kreis (an association of
all German data privacy regulators for the private sector) on June
23 published guidelines for developers and providers of mobile
apps. As mobile applications are increasingly becoming the focus
of regulators, the guide points to data privacy and technical
requirements for app development and operation,
and provides practical examples.
In spring, the Bavarian data privacy regulatory agency had
randomly selected 60 apps for closer examination. In the process,
the agency looked at privacy notices and compared them with the
type of data that, at first glance, was transmitted. In its
conclusion, the agency noted that "every app provides some
data privacy information, but that this information cannot be
adequately reviewed." Based on this finding, the agency
then examined 10 apps more closely, and subsequently created an
orientation guide for app developers and app providers.
Among other things, the 33-page guide addresses the
applicability of German data privacy laws, permit-related
statements of fact regarding the collection and processing of
personal data in the context of operating a mobile application,
technical data privacy, and the notification obligations to be
adhered to by the app provider. In addition to the legal notice,
the latter include an app-specific privacy statement and other
With regard to app development, the guide of the German DPAs
recommends utilizing data privacy preferences
("privacy by default") to ensure that the app can
later be offered without deficiencies in data privacy.
Regarding technical data privacy, the guide elaborates on secure
data transmission, as well as the application's access to the
location data of the respective device.
In addition to the above aspects, the guide addresses specific
issues arising during the development of mobile applications, such
as the integration of functions for payments or apps for young
people and children.
In the future, regulators can be expected to be even more
concerned with infringements related to apps, and can also be
expected to initiate procedures to impose fines. The guidelines are
a must-read for every app developer making apps available in
Germany and throughout Europe.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.