98% of leading apps do not comply with GDPR according to Crownpeak study
A staggering 79% of the top 50 Android apps and top 50 Apple apps offer no consent solution at all
New York, 8 August 2018: Only one in every fifty apps is compliant with the General Data Protection Regulation (GDPR) according to a study carried out by Crownpeak, a global leader in digital governance management.
In a study of the top 50 Android apps and top 50 Apple apps conducted by Crownpeak in July 2018, 98% did not comply with GDPR. The study found that 79% of the apps had no consent notice at all, and of the 21% that did offer a consent solution, only 2% were GDPR compliant, allowing users varying degrees of control over their data. Despite this, every app that was scanned displayed multiple Software Development Kits (SDKs) that appeared to perform some kind of data collection.
Gabe Morazan, Senior Product Manager at Crownpeak says: “The study shows that apps are a black spot for compliance. On 25th May, consent notices delivered a more informed user experience when browsing on desktop or mobile. But it appears that apps lag behind in compliance programs. This is particularly worrying, considering that, according to an eMarketer report, apps comprise over 90% of internet time on smartphones.
“Our study showed that users rarely have the ability to control exactly which aspects of their data are shared, signalling lack of genuine consent. On top of this, apps such as Facebook, Instagram, WhatsApp and even Android itself have already come under fire for removing access to their products for users who do not consent to data sharing. Yet at the same time, audiences are already asking more questions about the level of data apps request access to, such as those which unnecessarily ask for permission to view contact information. It suggests a growing gap between consumer expectations and publisher priorities.”
To help developers navigate GDPR consent, Crownpeak is launching its platform, AppNotice; a turnkey solution that helps companies ensure their mobile apps comply with the consent requirements of global privacy laws. The platform provides the app user with a list of all technologies and vendors operating within an app, that could be accessing and processing their personal data. This enables users to granularly opt-in or opt-out of sharing their data with vendors that are not essential to the functioning of the app. In this way, they can still enjoy full access to the app, meeting the regulation’s requirement that users can refuse to consent without detriment.
AppNotice will be powered by Crownpeak’s proprietary vendor database, which is the largest available and automatically identifies the vendors within the app that have access to user data.
Crownpeak will be running a webinar to present the results from the study and demonstrate its AppNotice solution – click here to register.
Crownpeak provides the leading, enterprise-grade, cloud-first Digital Experience Management (DXM) platform. The Crownpeak DXM platform empowers Fortune 2000 companies to quickly and easily create, deploy and optimize customer experiences across global digital touchpoints at scale. Besides featuring content management, personalization, search, and hosting, it is the only digital experience platform that includes built-in Digital Quality Management (DQM) to ensure brand integrity, best practices, and web accessibility compliance. In 2017, Crownpeak acquired Evidon, the leading provider of simple technical solutions to complex digital Governance, Risk & Compliance (GRC) challenges, including the Universal Consent Platform, designed to help companies comply with the General Data Protection Regulation (GDPR).
For more information please visit: www.crownpeak.com
Sarah Dickson, GingerMay PR
+44 (0) 203 642 1124