Skip to content

Privacy Commissione

The Commissioner's Blog

The Warsaw Declaration on the "appification" of society (04.10.13)

I just came back from the 35th International Conference of Data Protection and Privacy Commissioners held at Warsaw, Poland.

This Conference is an annual mega-event for Privacy Commissioners from around the world[1]. When I first attended the Conference in 2010 in Israel, about 45 jurisdictions were represented. This year, a total of 68 jurisdictions were represented. The drastic increase in representation underlines the growing number of jurisdictions which have in recent years enacted privacy laws. These include, for example, Singapore: Hong Kong's social-economic benchmark.

35th International Conference of Data Protection and Privacy Commissioners held at Warsaw, Poland

In line with the Conference's objective to promote and enhance internationally personal data protection and privacy rights, the Warsaw Conference has concluded in a declaration and (a record breaking number of ) seven resolutions on various subjects[2].

The Warsaw Conference has concluded in a declaration and (a record breaking number of ) seven resolutions on various subjects

The Warsaw Declaration on the "appification" of society[3] is particularly worth mentioning. It noted the ubiquitous nature of mobile applications (apps), with presently over six million apps in both the public and private sector and growing by over 30,000 a day. It also recognised the privacy and data protection challenges posed by the increased use of these apps, and expressed a clear commitment on the part of the privacy commissioners to address them.

Among other things, the privacy commissioners defined as follows the roles and responsibilities of various actors in ensuring a better privacy experience in the use of apps:-

  • Users should remain in charge of their own data; they should be informed of what data is collected and given the option to allow access to specific data on a case-by-case basis.
  • Apps developers should embrace privacy to build user trust and gain competitive advantage; they should be transparent in their privacy practices and collect only data necessary for the performance of the app.
  • Providers of operating systems should bear responsibility for privacy on the platforms in which apps are used. While they already offer general privacy settings on mobile devices, these should be made more granular for users to gain full control of all aspects of data collection.

Providers of operating systems should bear responsibility for privacy on the platforms in which apps are used.

As revealed in a Hong Kong survey of 60 mobile apps held in May this year, transparency in terms of privacy policy was generally inadequate[4]. Only 60% of the apps provided Privacy Policy Statements ("PPS") but they were all provided in the developer's websites and few explained the purpose for accessing each type of data stored on smartphones. In several cases, the PPS was not provided until after the users had installed the apps.

It is apparent that in the coming months, I will have to take serious steps in improving privacy and data protection in the use of apps. As always, a two-pronged approach will be taken, covering both enforcement as well as professional and public education.



[1] See https://privacyconference2013.org/

[2] See https://privacyconference2013.org/Resolutions_and_Declarations

[3] See https://privacyconference2013.org/web/pageFiles/kcfinder/files/ATT29312.pdf

[4] For full details, see www.pcpd.org.hk/english/infocentre/press_20130813b.htm


The Commissioner's Blog