- 90% of the 250 apps analyzed by Usercentrics are not GDPR-compliant, tracking users without their consent
- 100% of gambling apps analyzed do not comply with GDPR requirements
- 84% of food apps do not operate in a GDPR-compliant manner
Munich, November 15, 2022 – Nine out of ten apps collect personal data from users without their consent, a clear violation of the European Union’s General Data Protection Regulation (GDPR) and the ePrivacy Directive. This is the result of an analysis of 250 apps in the EU apps market, conducted by privacy tech company Usercentrics.
Data protection in gambling apps? Missing!
Usercentrics analyzed 50 apps from each of the following five categories: food, lifestyle, fitness and health, finance, and gambling. Data protection is still “best” in the food category, though it’s damning with faint praise. 84% of the apps analyzed do not comply with the requirements of the GDPR, while the figure for finance apps (in second place) is 86%. Bringing up the rear: gambling apps. 100% of the apps analyzed in this category do not comply with GDPR requirements.
Avoiding fines, losing customer trust and damage to brand reputation
“The results of this report call out what is probably the largest ‘elephant in the room’ in the industry: the GDPR and the ePrivacy directive are still far from being universally implemented in mobile apps. Users spend most of their time on apps and most PII [Personally Identifiable Information] data collection happens there. However, in most cases, data tracking is still happening without collecting their explicit consent. With this report, we want to raise awareness of the situation, but also offer a helping hand to companies with simple suggestions on what steps to take in order to center user privacy to avoid fines, loss of customer trust and damage to brand reputation”, explains Valerio Sudrio, Global Director Apps Solutions at Usercentrics.
App analysis: in search of trackers
Usercentrics used the auditing tool Apptopia to scan the apps. For the analysis, done in October 2022, the company only examined apps that:
- installed third-party trackers for the purposes of analytics, attribution, monetization and/or marketing
- had users in the EU
- had at least 50,000 daily active users
Most of the trackers embedded in the apps are designed to process personal data, such as IP addresses, online identifiers and location data.
The analysis clearly shows that the issue of data protection is neglected by most app providers. The fact that nine out of ten apps analyzed do not comply with the requirements of the GDPR is a worrying result. Providers would be well advised to improve this situation quickly as regulators step up compliance audits and penalties.
The full report can be found here.
Usercentrics is a global market leader in the field of Consent Management Platforms (CMP). We enable businesses to collect, manage and document user consents on websites and apps in order to achieve full compliance with global privacy regulations while facilitating high consent rates and building trust with their customers.
Usercentrics believes in creating a healthy balance between data privacy and data-driven business, delivering solutions for every size of enterprise. Cookiebot CMP is our plug-and-play SaaS, our App CMP handles user consent on mobile apps, and Usercentrics CMP serves companies with enterprise-grade custom requirements for unifying consent and data from capture to processing.
Usercentrics is active in more than 180 countries, with 2000+ resellers and handles more than 100 million daily user consents.
Learn more on usercentrics.com
Camilla Beaven and Hannah Sinz