Quite simply because they contain a vast amount of personal data, and personal data must be handled carefully. Besides things like emails and browsing history, mobile devices also store information on where the user is (or has been), photos and even details of their heart rate. That’s what we all love about mobile devices, but it also represents an intimate and extensive overview of our habits and behaviour that requires careful handling.

It’s a delicate subject, especially since the GDPR entered into force. User consent can be the legal ground to process data. However, there are strict requirements for obtaining this consent. Consent means offering individuals real choice and control. Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent. Be specific and ‘granular’ so that you get separate consent for separate things. Vague or blanket consent is not enough. This means that you can’t get away with simply asking users to agree with a privacy policy.

Stuffing a lot of information into one large document doesn’t really cut it in a mobile environment. To give users a clearer overview, we recommend using a ‘layered’ approach summarizing the most important points at different points in the app, with more detail available in the privacy policy. This staggered process allows users to make a meaningful decision rather than being forced to make an all or nothing choice.