A staggering 79% of the top 50 Android apps and top 50 Apple apps offer no consent solution at all
Only one in every 50 apps is compliant with the General Data Protection Regulation (GDPR), according to a study carried out by Crownpeak, a global provider of digital governance management.
In a study of the top 50 Android apps and top 50 Apple apps conducted by Crownpeak in July 2018, 98% did not comply with GDPR. The study found that 79% of the apps had no consent notice at all, and of the 21% that did offer a consent solution, only 2% were GDPR compliant, allowing users varying degrees of control over their data. Despite this, every app that was scanned displayed multiple Software Development Kits (SDKs) that appeared to perform some kind of data collection.
Gabe Morazan, senior product manager at Crownpeak, said: “The study shows that apps are a black spot for compliance. On 25 May, consent notices delivered a more informed user experience when browsing on desktop or mobile. But it appears that apps lag behind in compliance programmes. This is particularly worrying, considering that, according to an eMarketer report, apps comprise over 90% of internet time on smartphones.
“Our study showed that users rarely have the ability to control exactly which aspects of their data are shared, signalling lack of genuine consent. On top of this, apps such as Facebook, Instagram, WhatsApp and even Android itself have already come under fire for removing access to their products for users who do not consent to data sharing. Yet at the same time, audiences are already asking more questions about the level of data apps request access to, such as those which unnecessarily ask for permission to view contact information. It suggests a growing gap between consumer expectations and publisher priorities.”
To help developers navigate GDPR consent, Crownpeak is launching its platform, AppNotice; a turnkey solution that helps companies ensure their mobile apps comply with the consent requirements of global privacy laws. The platform provides the app user with a list of all technologies and vendors operating within an app, which could be accessing and processing their personal data. This enables users to granularly opt-in or opt-out of sharing their data with vendors that are not essential to the functioning of the app. In this way, they can still enjoy full access to the app, meeting the regulation’s requirement that users can refuse to consent without detriment.