
Mobile Data Privacy: A Critical Component of Your Cybersecurity Strategy

What is Data Privacy?

Data is one of a company’s most valuable assets in today’s business environment. Customer data fuels insights, product/service development, personalized experiences, and relevant go-to-market strategies. Properly analyzed, the right data gives companies a competitive edge in efficiency and, therefore, profitability.

Websites, apps, social media platforms… these are all data wells, collecting and storing personal information about consumers to provide and customize services. This sensitive data covers many fields. It can be a consumer’s name, location, contact information, medical records… and so much more. And it can relate to online or real-world interactions.

Data privacy addresses the proper handling, storage, access, retention, changeability, and security of sensitive data.

What Laws Govern Data Privacy?

Privacy laws such as Europe’s General Data Protection Regulation (GDPR) regulate consumer data storage, sharing, and disclosure practices in today’s digital economy. Implemented in May 2019, the GDPR claims to be the “toughest privacy and security law in the world.”

And a company doesn’t have to be based in Europe to be impacted by it. As long as your organization targets or collects data related to individuals in the EU, you must abide by GDPR regulations. Otherwise, you can expect penalties reaching into the tens of millions of euros – up to 4% of the offending company’s annual turnover.

The GDPR is large and far-reaching and has implications that may impact many areas of your company, including your marketing strategies. It’s disrupting traditional business models and the way data value transfer works.

Since the GDPR, other privacy laws have bloomed around the world. There are the Brazilian General Data Protection Law (LGPD) and the Chinese Personal Information Protection Law (PIPL). There are also a number of individual laws across US states, like the 2019 California Consumer Privacy Act (CCPA). Colorado, Connecticut, Virginia, and Utah have all created legislation similar to CCPA, and 11 other states have privacy bills in consideration.

All of them aim to unify the multiple local privacy laws that regulate the processing of personal data. But their proliferation makes unification a challenge for any multi-jurisdiction organization, not least those companies that use mobile apps to communicate with customers.

How Does the Rise of Mobile Apps Impact Data Privacy?

The iPhone, the first connected mobile application platform, was introduced in 2007. In the ensuing decades, the devices have become ubiquitous. The average user has installed an average of 80 applications. Most apps communicate with both the phone user and the application developing company, providing personal information from the former to the app consent

Some apps also interact with other apps, which creates a series of complex challenges for protecting user data and has led to a series of high-profile mobile data privacy breaches, where personal information provided by the user has been shared with unintended parties. A Google search of “TikTok privacy issues” responds with over 300 million hits.

What is Unique About Mobile Data Privacy?

In its report on mobile device data privacy, the European Union Agency for Cybersecurity (ENISA) identified what makes mobile devices a unique challenge for data privacy:

  • The variety of data and sensors held in mobile devices
  • Use of different types of identifiers and extended possibility of users’ tracking
  • The complex mobile app ecosystem
  • Limitations of app developers
  • The extended use of third-party software and services.

If for no other reason than the litany of privacy policy acceptance prompts that mobile phone users are required to accept, phone-based consumers are very aware of the risks – and inclined to gravitate to brands associated with strong protection of their valuable data.

What Should App Developers Do to Protect Consumer Data?

The complex challenges of data privacy protection on mobile devices do not exempt companies from complying with all applicable laws and regulations, from GDPR to US state laws.

In their mobile data privacy report, ENISA identified three areas of GDPR compliance that are particularly challenging in a mobile app environment:

  • Transparency and consent [with multiple apps interacting with a common phone infrastructure, how can an app developer be sure all accesses of a consumer’s data have been revealed to them for consent?]
  • Data protection by design and by default [how to convince consumers that data protection is the default design in an environment where ease of information access – including access across apps – is the ultimate goal].
  • Security of processing [how to protect consumer personal information on a device populated by apps of unknown origin].

Luckily for app developers, mobile device operating systems are increasingly attuned to their platforms’ inherent risks to data privacy. Apple and Google established a policy of default application isolation, wrapping any application access to shared resources with security and user consent.

Savvy application developers can use these platform tools and others to secure the data, but it begins with a mindset of accountability and data stewardship. Any byte of personal data provided by the customer is the developer’s responsibility to protect in fully disclosed ways, following solid data management procedures end-to-end.

So good coding practices, backend data management practices, and platform support go a long way toward taming the wild environment in which consumers’ data live. But even with these safe practices, consumers are rightly concerned about exactly what is happening with their data.

Why Should I Be Concerned About Mobile Data Privacy?

Because your customers are. A Digital Privacy and Security Survey conducted by the Calyx Institute in 2021 found that 80% of respondents were concerned about digital privacy. But only 59% declared they felt more aware of how their data is treated than a year ago.

According to the US Federal Trade Commission (FTC), “right now, it is almost impossible to figure out which apps collect data and what they do with it.” A clear privacy policy assertion is key to giving your mobile app users confidence.

TrustArc believes that every mobile application should have, as the FTC puts it, “simple and short disclosures or icons that are easy to find and understand on the small screen of a mobile device.” TrustArc has Mobile App Consent solutions available today for app developers to create a privacy policy that meets these criteria.

By sharing an easy, understandable privacy disclosure, your application – and your company – can ease your mobile users’ minds.

Mobile Data Privacy: Compliance Check Box or Brand?

With the proliferation of laws and regulations on data privacy and the complex challenges that meeting these entails in a mobile environment, it is easy to focus on compliance aspects of data privacy protection and the legal risks of failing to do so.

But a compliance-only focus misses the opportunity that your company has to distinguish your brand in the area of data privacy protections. Consumers are surrounded by news of data breaches – and these come to mind every time your customers are about to enter private information into your app. Their willingness to trust will not be based on a technical understanding of the complexities of your application but on their association of your brand with digital safety.
