Data Protection :Time Limit on Storing and Processing Personal Data

Data Protection :Time Limit on Storing and Processing Personal Data

Data Protection

The Norwegian Consumer Council commissioned research institute SINTEF to study the terms and conditions of 20 apps. The purpose of the research was to uncover and analyse potential threats to consumer protection. Arising from this study, SINTEF discovered 3 location tracking apps that may be in breach of European Data Protection Law. US based fitness app, Runkeeper, was set apart and is now subject of an official complaint to the Norwegian Data Protection Authority.

Narinder Purba, welivesecurity.com reports SINTEF “found that the app tracks and transmits personal data, such as location, fitness level and fitness habits, to a third-party when not in use”

This level of information gathering and storage is seen to be unlawful by the Norwegian Consumer Council under European law. They reason that the consumer does not consent to use of their personal information in this way. The data collected they say, is also beyond the scope of the information required to provide the service to its customer.

In addition, SINTEF found that the app maintained personal details even when the app was deleted or the account closed, notification of which is not included in their privacy policy or terms of service.

“According to the Data Protection Directive, Controllers must limit the length of time they store and process personal data” the Norwegian Consumer Council stated.

The Norwegian Consumer Council recognise there may be difficulties in imposing sanctions on the app provider as they don’t have EU subsidiaries but as the app targets a European market, the consumer council acknowledge that it makes it a necessary concern.

 

© Copyright of Datagroup 2009-2016
  • SHARE :