The European Community’s Article 29 Working Party has just published an opinion on smartphone apps that discusses the obligations of app developers and all other parties involved in the development and distribution of apps under European data protection law. Among the Working Party’s recommendations is that free and informed consent of end users is essential for compliance with such law.
For example, the opinion states that the developer of an app that makes restaurant recommendations based on a user’s location must obtain consent from the smartphone user to install the app and a second consent when the app accesses geolocation data. Further, the opinion defines specific consent in its example as consent that is limited to accessing the geolocation data for the purpose of recommending restaurants only, and that such geolocation data would not be accessed by the device for any other purpose.
The opinion makes several other recommendations, including for developers to allow users to revoke their consent and uninstall the app and delete data where appropriate. The Working Party states that the opinion, as well as Directive 95/46/EC (the EU Data Protection Directive), applies to any app targeted to app users within the EU, regardless of the location of the app developer or app store.