Abstract
The General Data Protection Regulation (GDPR) obliges data controllers to inform users about data processing practices. Long criticised for inefficiency, privacy policies face a substantive shift with the recent introduction of privacy labels by the Apple App Store and the Google Play Store. This paper illustrates how privacy disclosures of apps are governed by both the GDPR and the contractual obligations of app stores and is complemented by empirical insights into the privacy disclosures of 845,375 apps from the Apple App Store and 1,657,353 apps from the Google Play Store. While the GDPR allows for the use of privacy labels as a complementary tool next to privacy policies, the design of the privacy labels does not satisfy the standards set in Art. 5(1)(a) GDPR and Art. 12-14 GDPR. The app stores may consequently distort the compliance of apps with data protection laws. The empirical data highlight further problems with the privacy labels. The design of the labels favours disclosures of developers that offer a variety of apps that can process data across different services and contradictory disclosures do not get flagged nor verified by app stores. The paper contributes to the overall discussion of how app stores in their role as intermediaries govern privacy standards and the impact of private sector-led initiatives.
Original language | English |
---|---|
Number of pages | 38 |
Journal | Internet Policy Review |
Volume | 13 |
Issue number | 2 |
DOIs | |
Publication status | Published - 2 Apr 2024 |
Bibliographical note
Publisher Copyright:© 2024, Alexander von Humboldt Institute for Internet and Society. All rights reserved.
Erasmus Sectorplan
- Sector plan Recht-Public and Private Interests
- Sector plan Recht-Empirical Legal Studies
- Sector plan SSH-Breed
Fingerprint
Dive into the research topics of 'The death of privacy policies: How app stores shape GDPR compliance of apps'. Together they form a unique fingerprint.Datasets
-
The Death of Privacy Policies
Krämer, J. (Creator), 12 Mar 2024
DOI: 10.17605/OSF.IO/TNG5F, https://osf.io/tng5f/
Dataset