Μsome of the most popular apps on "smart" mobile phones, such as TripAdvisor, Kayak, Skyscanner and MyFitnessPal, transmit some data to Facebook without the consent of users, which may be in breach of the new European Union Data Protection Regulation (GDPR).
This emerges from a survey of the citizens' organization Privacy International, which, according to the Financial Times, studied 34 popular mobile applications with built-in communication with Facebook. Researchers have found that at least 20 of them send data to Facebook within the first second of activating a device, before users are even asked if they approve of it.
The information is automatically sent to Facebook, include the name of the application, the unique "identity" of the user in Google and how many times the application has been opened and closed since the user "downloaded" it on his smartphone or tablet. Some apps, such as Kayak Travel, then post additional information to Facebook, e.g. for flight searches by the user, the dates of his trips, if he has children traveling with him and to which destinations he goes.
The new EU GDPR regulation requires the explicit consent of users before such personal information is collected. In case of breach by a company, the fines can reach 4% of turnover or 20 million euros (whichever is greater).
The Privacy International researchers pointed out that several of the applications they put under the "microscope" are free, so they make money in another way, apparently by providing data to third parties and allowing the display of ads.
According to researcher Frederick Kalthoiner, the responsibility for the application's compliance with European personal data regulations lies with the developer who develops it, but also with Facebook, whose software, when integrated into an application, is configured to collect and sends the data as soon as an application opens. This is exactly why some developers have already complained to Facebook, complaining that they are unable to comply with the new European legislation.
Facebook, for its part, claims that it has fixed the problem so that applications do not share user data as soon as they open and urged application developers to "download" its software upgrade and integrate it into applications. in order for the user to be asked before the application automatically, once opened, communicates with Facebook computers. However, it is not clear whether the problem has now been resolved.
"Six months after the release of the upgrade from Facebook, we still see very little indication that app developers are implementing it. "Of all the applications we tested, 67,7% automatically transmit data to Facebook as soon as the application starts," says Privacy International.
A Facebook spokesman said in a statement that "if they want to, they can turn off automatic data collection and uploading, but many continue to use the older version of the relevant Facebook software built into their applications, with as a result, they do not have the most recent ability to turn off automatic data transmission.
Another source of serious concern for Privacy International is the "de-anonymization" of data, that is, the ability for data sent by an application to "face" and associate with a specific user, which is prohibited by the GDPR . Facebook can associate an Android device "identity" with a user's "profile" on the social network and thus know who the data sent by an application from a mobile phone belongs to. In this way, Facebook is able to enrich the information it has about its users and then utilize the wealth of data for its own benefit.
But even if this does not happen, again Facebook can "extract" valuable information, combining data from multiple applications on the phone of the same user. If e.g. he has simultaneously installed the applications Qibla Connect (for Muslim prayer), Period Tracker Clue (for monitoring menstruation), Indeed (for job search) and My Talking Tom (child application), then there is an increased chance that the user is a Muslim woman, mother of a child and without a job.
A previous study by the University of Oxford found that 43% of the free apps that can be downloaded from Google Play share data with Facebook. Only Google itself shares more user data.
A Skyscanner spokesman said: "We had no idea that data was being sent to Facebook this way without the prior consent of our users, which is contrary to our internal regulations governing third-party technologies. We are investigating how this happened and we will take measures so that we can now do everything properly. "
The creators of the TripAdvisor, Kayak and MyFitnessPal applications declined to comment on the Privacy International allegations.
[the_ad_group id = ”966 ″]
