On July 29, 2021, the German Federal Cartel Office (“FCO”) published the results of its sector inquiry into mobile apps, finding severe deficiencies regarding the information provided to app users and apps’ compliance with data protection law. The FCO recommends app publishers and app store operators should increase transparency and requests increased private enforcement and more enforcement by data protection authorities.
Based inter alia on a user survey, the FCO found a need to clarify the contractual relationship between users, app publishers and app stores. For example, the terms and conditions of popular app stores currently do not sufficiently clarify whether users buy apps from the app publishers or from app store operators. App stores also lack app publishers’ contact details.
The FCO inspected the privacy practices of 32 popular Android apps and found that most apps lack sufficient information on third-party recipients of user data, non-EU countries in which the data is stored, and the storage duration. Nine apps failed to provide privacy policies in German. The FCO therefore recommends a rework of the privacy policies and suggests that providers of operating systems introduce a central privacy center allowing users to limit the apps’ access to data and certain system functionalities such as internet access.
The FCO urges app store operators to provide additional information on apps, in particular more detail on in-app purchases and so called “lootboxes”. The latter are virtual treasure chests containing random items that can be used in online games. The purchaser of a lootbox does not know its content at the time of the purchase resulting in a gambling-like nature. The FCO also suggests introducing a display of short app assessments by third-party experts covering categories such as child protection, advertisement, in-app purchases and data protection.
Editor: Katharina Apel