The Article 29 Working Party (WP29) has published long-awaited draft guidance on transparency and consent under the General Data Protection Regulation (“GDPR”).  We are continuing to analyze the lengthy guidance documents, but wanted to highlight some immediate reactions and aspects of the guidance that we think will be of interest to clients and other readers of InsidePrivacy.  The draft guidance is open for consultation until 23 January 2018.
Continue Reading EU Regulators Provide Guidance on Notice and Consent under GDPR

In May 2014, the Global Privacy Enforcement Network (“GPEN”) performed its second Global Privacy Sweep, in which 26 privacy enforcement authorities from 19 countries downloaded 1,211 mobile apps and assessed their privacy practices. On September 10, 2014, the Office of the Privacy Commissioner of Canada (“OPC”) published the results of the Sweep (the “OPC Report”). The main findings can be summarized as follows:

  • While most apps provided some privacy information, only 15% clearly explained the app’s privacy practices.
  • 30% of the apps tested provided no privacy communications to users—such as a link to or information about the app’s privacy policy—other than communications requesting access to information (referred to as “permissions”).
  • Nearly 60% of the apps tested raised privacy concerns before the app was downloaded—meaning that there was not enough information available prior to download for potential users to adequately assess or review the app’s privacy policies.
  • 43% of the apps reviewed did not tailor privacy communications to small screens such as those present on smartphones and tablets.
  • 31% of the apps requested access to more information than necessary, based on GPEN’s understanding of the app’s functionality. Of the types of data requested, location was the most popular, followed by device IDs.

Continue Reading Global App Review Finds 85% of Apps Have Privacy Shortcomings