Special objective: Risks of personal data processing through smartphone applications - Privacy protection

Special objective: Risks of personal data processing through smartphone applications – Privacy protection

To print this article, all you need is to register or login on Mondaq.com.

With the increased capabilities of smartphones and their ubiquitous use, an increasing number of functions previously performed by standalone devices have now moved into the app ecosystem – but doing so increases the risk of misuse of personal data, and therefore regulatory scrutiny under data privacy laws. Recent advice and comments by European Union data protection regulators on FIFA World Cup Qatar apps highlight this risk.

Smartphones contain and collect huge stores of data

Of all the items that a person carries, one can deduce the most information about a person in their smartphone. The wallet may contain receipts (for financial organizations), images (for emotions), and potentially high-risk and/or sensitive data (through receipts, membership cards, or medical certificates, if carried in such wallets).

However, this pales in comparison to the huge amount of personal data that can be gained by accessing a person’s smartphone. The information that smartphones can contain, particularly conversation history, photo and video albums, websites visited and the timing of those visits, application data, personal notes, and reminders all provide an intimate picture of a person’s life, habits, locations, and preferences.

It is worth noting that, for this reason, US police officers generally cannot search a person’s phone without a court order, although other items such as wallets and wallets may be searched on a probable cause basis. In the UK, mobile phone contents search (also known as mobile phone exhumation, or MPE) also requires a warrant although there are many other legal rules that MPE permit without a warrant or court order.

Applications may access this repository and may result in illegal data collection

With so much information contained in smartphones, the potential for apps to violate an individual’s privacy rights is high. This has been noted by many EU data protection regulators, such as Norwegian And the French, regarding two applications required for foreigners who will attend the upcoming FIFA World Cup in Qatar. These apps, which consist of the official FIFA World Cup app (Hayya) and contact-tracing app (Ehteraz), have been criticized for monitoring users’ locations, and for providing Qatari authorities with sweeping powers to access, delete or alter content on users. smart phones. In some cases, the applications have even been likened to “Cyber ​​weaponparticularly when they are discovered to introduce cybersecurity vulnerabilities and monitor or track users without their knowledge.

If the FIFA World Cup were to be hosted in an EU member state, or the UK, these apps would almost certainly attract regulatory enforcement as they would not be compliant with EU data protection laws. This is not a new focus for European data protection regulators – similar concerns have been raised in relation to national track and trace apps created in response to the COVID-19 pandemic. Despite the obvious public interest and urgency of the pandemic, European data protection regulators have been careful to stress the need to process data in accordance with data protection law, given the high risks of interference with private life that may result from unsupervised processing of location and health data, and still respect Data protection principles.

Key considerations

Aside from the required functionality and usability, application developers must mainly consider key questions about their intended processing, including:

  1. whether these functions are better captured by the app;
  2. whether personal data should be processed; And if so,
  3. How the amount of personal data can be limited to what is strictly necessary for such processing and how the processing can be limited to what is strictly necessary to achieve its stated purposes.

To address these issues, developers should consider using timely impact assessments. Mobile app developers need to ensure that products are robust from a cybersecurity and data privacy point of view – European Commission”ToolboxFor COVID-19 app developers and the European Data Protection Council (the body that oversees personal data regulation in the European Union) Guidelines For contact tracing apps may provide a useful starting point for app developers, as they provide practical guidance and recommendations on privacy-friendly features (albeit in the context of a global pandemic).

If an app does not meet most of the recommendations in it, it is unlikely to be compliant with EU data protection laws.

In current realities, it is difficult to see how country applications, if implemented in the EU or the UK, would be considered compliant or avoid regulatory scrutiny and potential enforcement penalties – and as important as the World Cup is to some, an attempt to justify such extensive processing of personal data relating to sporting matches on On the basis of public interests equal to those of a global pandemic, it may be seen as foul play rather than fair play, and regulators may ask for their red cards.

The content of this article is intended to provide a general guide to the subject. It is advised to take the advice of specialists in such circumstances.

Popular articles on: privacy from around the world

Lessons learned from the latest ICO fine

chords, gray

Do you hear that sound? It’s a deafening groan for all those people who have to take their mandatory GDPR training. It won’t surprise you, but I love doing data protection training.

Breach reporting: the pumpkin to talk about

chords, gray

Boo! Do you want to hear something scary? How would you feel if I told you that as a non-EU company subject to the General Data Protection Regulation (GDPR), you may soon have to report personal data breaches…

#Special #objective #Risks #personal #data #processing #smartphone #applications #Privacy #protection

Leave a Comment

Your email address will not be published. Required fields are marked *