Only one in every fifty apps is compliant with the General Data Protection Regulation (GDPR) according to a study carried out by Crownpeak, a global leader in digital governance management.
In a study of the top 50 Android apps and top 50 Apple apps conducted by Crownpeak in July 1018, 98% did not comply with GDPR. The study found that 79% of the apps had no consent notice at all, and of the 21% that did offer a consent solution, only 2% were GDPR compliant, allowing users varying degrees of control over their data. Despite this, every app that was scanned displayed multiple Software Development Kits (SDKs) that appeared to perform some kind of data collection.
Gabe Morazan, Senior Product Manager at Crownpeak says: “The study shows that apps are a black spot for compliance. On 25th May, consent notices delivered a more informed user experience when browsing on desktop or mobile. But it appears that apps lag behind in compliance programs. This is particularly worrying, considering that, according to an eMarketer report, apps comprise over 90% of internet time on smartphones.
“Our study showed that users rarely have the ability to control exactly which aspects of their data are shared, signalling lack of genuine consent. On top of this, apps such as Facebook, Instagram, WhatsApp and even Android itself have already come under fire for removing access to their products for users who do not consent to data sharing. Yet at the same time, audiences are already asking more questions about the level of data apps request access to, such as those which unnecessarily ask for permission to view contact information. It suggests a growing gap between consumer expectations and publisher priorities.”
To help developers navigate GDPR consent, Crownpeak is launching its platform, AppNotice; a turnkey solution that helps companies ensure their mobile apps comply with the consent requirements of global privacy laws. The platform provides the app user with a list of all technologies and vendors operating within an app, that could be accessing and processing their personal data. This enables users to granularly opt-in or opt-out of sharing their data with vendors that are not essential to the functioning of the app. In this way, they can still enjoy full access to the app, meeting the regulation’s requirement that users can refuse to consent without detriment.
AppNotice will be powered by Crownpeak’s proprietary vendor database, which is the largest available and automatically identifies the vendors within the app that have access to user data.