With the increased capabilities of smartphones and their ubiquitous use, an increasing number of functions previously performed by standalone devices have now moved into the app ecosystem – but doing so increases the risk of misuse of personal data, and therefore regulatory scrutiny under data privacy laws. Recent advice and comments by European Union data protection regulators on FIFA World Cup Qatar apps highlight this risk.
Smartphones contain and collect huge stores of data
Of all the items that a person carries, the smartphone is the one from which the most information about that person can be deduced. A wallet may contain receipts (for financial organizations), images (for emotions), and potentially high-risk and/or sensitive data (through receipts, membership cards, or medical certificates, if carried in such wallets).
However, this pales in comparison to the huge amount of personal data that can be gained by accessing a person’s smartphone. The information that smartphones can contain, particularly conversation history, photo and video albums, websites visited and the timing of those visits, application data, personal notes, and reminders, provides an intimate picture of a person’s life, habits, locations, and preferences.
It is worth noting that, for this reason, US police officers generally cannot search a person’s phone without a court order, although other items such as wallets may be searched on a probable cause basis. In the UK, a search of mobile phone contents (also known as mobile phone extraction, or MPE) also requires a warrant, although there are many other legal rules that permit MPE without a warrant or court order.
Applications may access this repository, which may result in illegal data collection
With so much information contained in smartphones, the potential for apps to violate an individual’s privacy rights is high. This has been noted by many EU data protection regulators, such as the Norwegian and the French regulators, regarding two applications required for foreigners who will attend the upcoming FIFA World Cup in Qatar. These apps, which consist of the official FIFA World Cup app (Hayya) and the contact-tracing app (Ehteraz), have been criticized for monitoring users’ locations, and for providing Qatari authorities with sweeping powers to access, delete or alter content on users’ smartphones. In some cases, the applications have been likened to “cyber weapons”, particularly when they have been found to introduce online security holes and monitor or track users without their knowledge.
If the FIFA World Cup were to be hosted in an EU member state, or the UK, these apps would almost certainly attract regulatory enforcement as they would not be compliant with EU data protection laws. This is not a new focus for European data protection regulators – similar concerns have been raised in relation to national track and trace apps created in response to the COVID-19 pandemic. Despite the obvious public interest and urgency of the pandemic, European data protection regulators have been careful to stress the need to process data in accordance with data protection law, given the high risks of interference with private life that may result from unsupervised processing of location and health data, and to still respect data protection principles.
Aside from the required functionality and usability, application developers must mainly consider key questions about their intended processing, including:
- whether these functions are better captured by the app;
- whether personal data should be processed; and if so,
- how the amount of personal data can be limited to what is strictly necessary for such processing and how the processing can be limited to what is strictly necessary to achieve its stated purposes.
To address these issues, developers should consider using timely impact assessments. Mobile application developers need to ensure that the products are robust from a cybersecurity and data privacy point of view. The European Commission’s “Toolbox” for COVID-19 app developers and the European Data Protection Council (the body that oversees personal data regulation in the European Union) guidelines for contact tracing apps may provide a useful starting point for app developers, as they provide practical guidance and recommendations on privacy-friendly features (albeit in the context of a global pandemic).
If an app does not meet most of the recommendations in them, it is unlikely to be compliant with EU data protection laws.
In the current circumstances, it is difficult to see how the country’s applications, if implemented in the EU or the UK, would be considered compliant or avoid regulatory scrutiny and potential enforcement penalties – and as important as the World Cup is to some, an attempt to justify such extensive processing of personal data relating to sporting matches on the basis of public interests equal to those of a global pandemic may be seen as foul play rather than fair play, and regulators may reach for their red cards.
“Our smartphones are powerful repositories of highly sensitive personal information, including our intimate conversations, family photos, location history, browsing history, and vital, medical and financial data. They reveal the patterns of our daily personal and professional lives and enable insights into our actions, behaviour, beliefs and state of mind. It is no exaggeration to say that the personal data in our mobile phones richly depicts our lives.” Information Commissioner’s Office