Data On Smart Devices — Are Data Subjects Being Protected?

Author:Mr Colin Rooney
Profession:Arthur Cox

Smart devices are increasingly central to our day-to-day lives. Data subjects are routinely using them for an extraordinary range of activities — from audio and video calls, to checking everything from bank balances to social media networks, not to mention browsing and accessing digital content libraries. Such uses are most commonly undertaken using 'apps' — software applications designed for a specific task, targeted at a particular set of smart devices, which organise information in a way suitable for the specific characteristics of the device. These apps are able to collect large quantities of data from smart devices (such as geolocation data and data stored on the device by the user, such as contacts and addresses) and process these data in order to provide new and innovative services to the end user. There are a broad range of players involved in processing such data. The cast includes app developers, operating system providers and advertising networks. Inevitably, this explosion of data processing raises a myriad of privacy questions: what data are being shared, with what third parties and why? How often are data being accessed and, once accessed, how are they further used/shared? What can data subjects do to control how their data are used? This article considers these questions, drawing from recent guidance from the Article 29 Working Party on mobile applications on smart devices, and from the US Federal Trade Commission's guidance on 'Mobile Privacy Disclosures'. Background The Article 29 Working Party Opinion on mobile applications on smart devices (the 'Opinion' — copy available at:, dated 27th February 2013, emerges in the context of mobile phone apps accessing, processing and transferring ever more user data. Simultaneously with the increased data processing, users of such apps appear to be increasingly yielding in their ability to monitor or control such data access. For example, earlier this year the French National Commission on Computing and Liberty ('CNIL') undertook an analysis of the data processing activities of 189 apps on six iPhones, and found that one in 12 of the apps accessed the address book on the iPhone, and almost one in three accessed location information. Need for guidance Working Party Chairman, Jacob Kohnstamm, has suggested that the processing of data on mobile apps 'often happens without the free and informed consent of users, resulting in a breach of European data protection law'. With this...

To continue reading