Assessing General Data Protection Regulation for Personal Data Privacy: is the End of 'Take it or Leave it' Approach for Downloading Apps?

摘要

On a daily basis, an enormous amount of data are generated from several personal and non-personal devices, such as mobile phones, tablets, computers, sensors for the Internet of Things applications, etc. In most cases, the data are stored and analyzed aiming to improve the quality of the provided services. In cases, where these data are correlated, directly or indirectly, with a person are characterized as personal data. The collection, storage and processing of personal data raise several issues on personal data privacy, in particular when users are not well informed regarding the processing of their personal data. The aim of this paper is to examine to what extent the procedures currently followed in one of the most popular personal applications stores (Google Play), which contains more than 3 million mobile applications including social media applications, are in compliance with the provisions of the General Data Protection Regulation (GDPR). Our analysis shows that the current procedures, followed by Google Play store, are not fully in compliance with the upcoming framework, in particular with issues related to, users awareness regarding the scope of personal data process, non availability of user option to install an app without giving full access to his/her personal data and protection of minor users. It is argued that several modifications should be done, both from apps developers and stores, in order to harmonize the relevant procedures with the provisions laid out in the upcoming EU Regulation.