Privacy & Information Security Law Blog

On May 13, 2014, the French data protection authority (“CNIL”) decided to examine 100 mobile apps most commonly used in France.

In particular, the CNIL indicated that it will examine whether the mobile apps properly inform users of:

• the categories of personal data collected (such as location data, contacts and device identifiers);
• the purposes for which the data are collected;
• whether personal data are shared with third parties; and
• the right of mobile app users to object to the collection and sharing of their personal data.

This review takes place in connection with the Global Privacy Enforcement Network’s (“GPEN”) second annual enforcement sweep, which involves participation by the CNIL and 26 data protection authorities. The review will be conducted using a common grid that will be shared by all the participating data protection authorities in order to provide an inventory of worldwide mobile apps’ practices including country-specific activities.

The CNIL announced that it may carry out formal investigations and issue sanctions if its initial findings reveal serious breaches of the French Data Protection Act.

GPEN is an international network of more than 40 privacy enforcement authorities, including the U.S. Federal Trade Commission. Its mission includes connecting privacy authorities around the world to facilitate international privacy enforcement cooperation and coordination. GPEN conducted its first annual enforcement sweep in 2013, focusing on online transparency regarding organizations’ privacy practices. Notable, participation in the annual GPEN enforcement sweep increased from 19 authorities last year to 27 authorities this year.