The aim of the Global Privacy Enforcement Network (GPEN) is to foster cross-border cooperation among privacy regulators in an increasingly global market in which commerce and consumer activity relies on the seamless flow of personal information across borders. This informal network is comprised of 47 privacy enforcement authorities (PEAs) in 37 jurisdictions around the world. In May, 26 PEAs took part in GPEN's Second Annual Privacy Sweep. Mobile apps were the focus of this year's activity. The PEAs noted that mobile apps often seek to access large amounts of personal information. The Privacy Sweep set out to examine app's privacy policies as well as the types of permissions the apps request by replicating the “consumer experience” offered by the apps. Participating PEAs put forward 1,211 apps for consideration. They included a mix of Apple and Android apps, free and paid apps as well as public sector and private sector apps that ranged from games and health/fitness apps, to news and banking apps. Participants looked at the types of permissions the apps were seeking, whether those permissions exceeded what would be expected based on the apps' functionality, and most importantly, how the apps explained to consumers why they wanted the personal information and what they planned to do with it. The results were discouraging. Just 15 percent of the apps examined provided a clear explanation of how the app collects, uses and discloses personal information. The most privacy-friendly apps offered brief, easy-to-understand explanations of what the app would and would not collect and use pursuant to each permission. Banking apps were among the most privacy-friendly. When examining the data collected in the Privacy Sweep, it was discovered that although 75 percent of all the considered apps requested one or more permissions, 54 percent of the apps were rated poorly in terms of consumers' privacy protection. For those apps, privacy information was either absent (30%) or inadequate (24%). Top requested permissions were: Location; Device ID; Access to Other Accounts; Camera; and Contacts. Almost two-thirds of the apps caused concerns for the privacy sweepers with respect to pre-installation privacy. Many apps provided little information prior to download, putting consumers and their devices at risk and too often the apps provided a link to a webpage with a privacy policy that was not tailored to the app. Even more disturbing, 31 percent of the considered apps requested permissions that exceeded what would be expected based on an understanding of these apps' functionalities. Collecting data is big business, especially data that is personally identifiable in some way. Consumers need to be aware of how much they are “paying” in terms of the data they give up in order to use a “free” app. One way to learn how installed apps are using and possibly abusing personal information - and in the process destroying privacy, is by installing Bitdefender's free Clueful app (cluefulapp.com) for Android and iOS. The app offers an on-install guardian and a privacy score calculator. Clueful acts as a “Privacy Consultant” showing what installed apps do in the background - without the user's knowledge. And consumer's need to be smarter about responding positively to apps' permission requests. If a flashlight app requests access to a smartphone's address book, the response to that is, “No! Cancel! Uninstall!”
