May 23, 2016
Data Protection :Time Limit on Storing and Processing Personal Data
The Norwegian Consumer Council commissioned research institute SINTEF to study the terms and conditions of 20 apps. The purpose of the research was to uncover and analyse potential threats to consumer protection. Arising from this study, SINTEF discovered 3 location tracking apps that may be in breach of European Data Protection Law. US based fitness app, Runkeeper, was set apart and is now subject of an official complaint to the Norwegian Data Protection Authority.
Narinder Purba, welivesecurity.com reports SINTEF “found that the app tracks and transmits personal data, such as location, fitness level and fitness habits, to a third-party when not in use”
This level of information gathering and storage is seen to be unlawful by the Norwegian Consumer Council under European law. They reason that the consumer does not consent to use of their personal information in this way. The data collected they say, is also beyond the scope of the information required to provide the service to its customer.
“According to the Data Protection Directive, Controllers must limit the length of time they store and process personal data” the Norwegian Consumer Council stated.
The Norwegian Consumer Council recognise there may be difficulties in imposing sanctions on the app provider as they don’t have EU subsidiaries but as the app targets a European market, the consumer council acknowledge that it makes it a necessary concern.