CNIL Launches a Public Consultation on Its Draft Recommendation

In 2022, the Digital Barometer revealed that an overwhelming 87% of French individuals aged 12 and above were smartphone owners, solidifying smartphones as the preferred device for internet connectivity. This widespread adoption highlights the crucial role mobile phones and tablets play in the daily digital lives of the French population.

However, the extensive and regular use of smartphones and mobile applications poses significant challenges in safeguarding users' privacy. Recognizing the importance of addressing this issue, the French Data Protection Authority (“CNIL”), has made "mobile applications" a top priority in its work program for 2023.

While many mobile applications offer similar services as their website counterparts, the technical environment in which they operate presents notable differences. The use of mobile apps enables the processing of vast amounts of personal data, including geolocation information and access to contact books, which may not be readily available on fixed terminals like computers. This data processing involves a multitude of players responsible for developing and disseminating mobile applications to the public.

In light of the complexity and significance of mobile applications in data processing, the CNIL aims to establish greater legal clarity in this domain and recommend measures to enhance privacy protection. The authority has prepared a document for consultation, seeking to elucidate the qualifications and responsibilities of the various players involved in mobile app development concerning applicable data protection regulations.

Moreover, the document outlines the principles and obligations that govern the processing of data by mobile applications, further emphasizing the importance of safeguarding users' privacy in this digital landscape

In order to draw up its draft recommendation, the CNIL held consultations with a number of players representing the mobile applications ecosystem, enabling it to gain a better understanding of the sector: application publishers, developers, SDK (software development kit) providers, OS (operating system) and/or application store providers, institutional players and a number of representatives of civil society.

The draft recommendation, open for public consultation until October 8th, 2023, targets five main categories of players in the mobile application ecosystem. These players include mobile application publishers and developers, software development kit (“SDK”) providers, operating system providers, and application store providers.

The recommendation addresses data protection officers, technical, and legal teams within these categories, aiming to provide guidelines and standards to enhance privacy protection in the mobile app industry.

The draft recommendation includes a section dedicated to each category of player so that each can identify the recommendations that concern them directly.

You can find further information here.

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr