Abstract

The pervasiveness of Android mobile applications and the services they support allows the personal data of individuals to be collected and shared worldwide. However, data protection legislation usually requires all participants in a personal data flow to ensure an equivalent level of protection for that data, regardless of location. In particular, the European General Data Protection Regulation (GDPR) constrains cross-border transfers of personal data to non-EU countries and establishes specific requirements for carrying them out. This article presents a method to systematically assess the compliance of Android mobile apps with the cross-border transfer requirements established by the GDPR. We have validated the method on one hundred Android apps, finding that a striking 66% of them had ambiguous, inconsistent or omitted cross-border transfer disclosures.

Highlights

  • The pervasiveness of today’s software systems and services allows the personal data of individuals to be collected and shared worldwide, across different countries and jurisdictions [1]

  • In many parts of the world, such as Europe, privacy is strenuously protected [2] and recognised as a human right [3]. In other regions, such as China, privacy values are often a lower priority than order and governance [4]. These non-equivalent levels of protection are clearly evidenced by a recent court ruling in the European Union (EU) [5], which held that the level of data protection in the U.S. is not essentially equivalent to that required under EU data protection law

  • We check compliance in tandem, i.e. the behavior of apps against their privacy policy commitments and, in turn, those commitments against the transparency requirements established in the General Data Protection Regulation (GDPR)
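The "tandem" check described above, as an added illustration that is not the paper's own tooling: observed outbound flows of an app (host plus geolocated country) are compared with what its privacy policy discloses, and the disclosure itself is checked against the GDPR Art. 13(1)(f) duty to name the transfer destination and its adequacy or safeguard basis. The EEA and adequacy sets, the country vocabulary, every host, policy sentence and the verdict rules are assumptions constructed for this example; the paper's actual labelling criteria are not reproduced here.

```python
"""Added illustration, not the paper's own tooling: cross-checking an
Android app's observed outbound data flows against its privacy-policy
disclosures and against the GDPR Chapter V transfer rules, in the "tandem"
style the highlights describe. Every host, country, policy sentence and
verdict rule below is constructed for the example."""
from dataclasses import dataclass

# Assumption: EEA member states (where GDPR applies directly) and a snapshot of
# third countries holding an EU adequacy decision. Adequacy status changes;
# check the current European Commission list before relying on this set.
EEA = {"AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR",
       "HU", "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK",
       "SI", "ES", "SE", "IS", "LI", "NO"}
ADEQUATE = {"AD", "AR", "CA", "FO", "GG", "IL", "IM", "JP", "JE", "NZ", "KR",
            "CH", "GB", "UY"}

# Constructed vocabulary for the toy policy parser; a real tool would use a
# gazetteer and an NLP pipeline rather than substring matching.
COUNTRY_NAMES = {"ireland": "IE", "germany": "DE", "united states": "US",
                 "japan": "JP", "singapore": "SG", "india": "IN"}
SAFEGUARD_TERMS = ("standard contractual clauses", "binding corporate rules",
                   "adequacy decision")
VAGUE_TERMS = ("other countries", "around the world", "outside the eu",
               "third countries", "may be transferred")
DENIAL_TERMS = ("do not transfer", "not transferred", "never transfer")


@dataclass(frozen=True)
class Flow:
    host: str      # endpoint observed in the app's traffic
    country: str   # ISO 3166-1 alpha-2 of the endpoint, from geolocation


@dataclass(frozen=True)
class Policy:
    countries: frozenset   # destination countries the policy names
    safeguards: bool       # mentions an Art. 46 safeguard or adequacy
    vague: bool            # generic "may be transferred abroad" wording
    denies: bool           # claims no transfers take place


def parse_policy(text: str) -> Policy:
    t = text.lower()
    return Policy(
        countries=frozenset(c for n, c in COUNTRY_NAMES.items() if n in t),
        safeguards=any(s in t for s in SAFEGUARD_TERMS),
        vague=any(v in t for v in VAGUE_TERMS),
        denies=any(d in t for d in DENIAL_TERMS),
    )


def classify(flow: Flow, policy: Policy) -> str:
    """Verdict for one observed flow. The labels follow the abstract's
    ambiguous / inconsistent / omitted split; the rules are this example's
    operational reading of GDPR Art. 13(1)(f) and Chapter V, not the paper's."""
    c = flow.country
    if c in EEA:
        return "intra-EEA"
    if c in policy.countries:
        # Named, but Art. 13(1)(f) also wants the adequacy/safeguard basis.
        return "disclosed" if (policy.safeguards or c in ADEQUATE) else "ambiguous"
    if policy.denies or policy.countries:
        # Policy says "no transfers" or enumerates other destinations only.
        return "inconsistent"
    if policy.vague:
        return "ambiguous"
    return "omitted"


def assess(flows, policy_text: str) -> dict:
    policy = parse_policy(policy_text)
    return {f.host: classify(f, policy) for f in flows}


def summarise(verdicts: dict) -> dict:
    """Count how many non-EEA flows fall into each verdict bucket."""
    out = {}
    for v in verdicts.values():
        if v != "intra-EEA":
            out[v] = out.get(v, 0) + 1
    return out


# Constructed traffic sample for one app (hosts and countries are invented).
SAMPLE_FLOWS = (
    Flow("api.example-app.ie", "IE"),
    Flow("analytics.example-sdk.com", "US"),
    Flow("ads.example-net.sg", "SG"),
    Flow("crash.example-tool.jp", "JP"),
)

# Constructed policy excerpts covering the main outcomes.
POLICY_SCC = ("We host your data in Ireland. Some analytics data may be "
              "transferred to the United States under standard contractual clauses.")
POLICY_DENIAL = "We do not transfer your personal data outside the EU."
POLICY_VAGUE = "Your data may be transferred to other countries as needed."
POLICY_SILENT = "We take your privacy seriously and use data to improve the app."

if __name__ == "__main__":
    for name, text in [("scc", POLICY_SCC), ("denial", POLICY_DENIAL),
                       ("vague", POLICY_VAGUE), ("silent", POLICY_SILENT)]:
        v = assess(SAMPLE_FLOWS, text)
        print(name, v, summarise(v))
```

Running it against the four constructed policies shows the three failure modes the abstract counts: the SCC policy discloses the US flow but leaves the Singapore and Japan flows inconsistent with its enumerated destinations; the denial policy is inconsistent with every non-EEA flow; the vague policy yields only ambiguous verdicts; the silent policy omits everything. The real work in such a pipeline is the two inputs this example fakes, reliable endpoint geolocation of captured traffic and a policy parser that copes with legal prose, so treat the substring matcher as a placeholder for that stage.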


Summary

INTRODUCTION

The pervasiveness of today’s software systems and services allows the personal data of individuals to be collected and shared worldwide, across different countries and jurisdictions [1]. According to the EU Cybersecurity Agency, there is still a serious gap between the GDPR's legal requirements and the translation of those requirements into practical solutions, and there is a need for tools to test, verify and audit existing apps, libraries and services [7]. Following this direction, significant research efforts on data protection compliance assessment in the mobile ecosystem have been undertaken by academics [10]–[14] and regulators [6], [15].

