Complaints filed in France by the European Centre for Digital Rights (NOYB), allege that the mobile apps of three large companies illegally access and share users’ personal data.
The non-profit association, committed to the legal enforcement of European data protection laws, said that Fnac, the largest electronics store in France, SeLoger, a real estate app, and Under Armour subsidiary MyFitnessPal, share data with third parties for analytics as soon as the apps are opened.
“Users don’t even have the choice to consent to or prevent the sharing of their data. This approach is unlawful,” NOYB said in a press release.
The applications, once opened on an Android smartphone, immediately began to collect and share personal data, including Google’s unique Advertising ID (AdID), the model and brand of their device, and local IP address with third parties, it said.
Such extensive data collection allows the profiling of users in order to show them personalized ads and marketing campaigns that increase revenue for the three companies.
NOYB has requested that CNIL, the Data Protection Authority for France, order MyFitnessPal, Fnac, and SeLoger to delete all data that has been unlawfully processed. Given the seriousness of the allegations and the potentially large number of individuals affected, it also suggested that the companies be fined.
Under the European Union’s ePrivacy Directive, access to or storage of data on a device is only allowed if users give “free, informed, specific, and unambiguous consent.”
Two of the apps did not display a consent banner when launching, while the third presented one that theoretically gave the complainant the choice of giving or withholding their consent, the complaint said.
But, according to NOYB, personal data transmission began on the third app without any interaction on their part – and before they even had a chance to think about consent. The nonprofit did not specify which of the accused firms this applied to.
“Every app needs consent to track you. Instead, they use ‘data collection and tracking by default.’ In contrast to tracking on websites, mobile apps have seen almost no enforcement so far,” said Ala Krinickytė, a data protection lawyer at NOYB.
The way these apps handle user data is symptomatic of a wider problem in the mobile apps environment, NOYB said. Apps often have millions of users but don’t bother to comply with EU privacy laws – subsequently sharing private data with third parties including ad brokers to monetize it.
According to research by Konrad Kollnig and others, only 3.5% of all apps gave users a real choice to decline consent.
More from Cybernews:
Subscribe to our newsletter