French Data Protection Authority has published its recommendations for mobile applications

Following a public consultation, the French Data Protection Authority (the CNIL) has published a list of recommendations to help professionals conceive mobile applications that respect privacy and the GDPR provisions. 

These recommendations apply to all the operators involved in developing and making available mobile applications : mobile applications publishers, mobile applications developers, software development kit providers, operating system providers and application store providers. 

These recommendations emphasise on the need to obtain the users' consent to process its personal data. The CNIL clarifies the conditions for obtaining consent, pointing out that it must be freely given. The user thus needs to be able to refuse to consent or to withdraw his consent. 

As from Spring 2025, the CNIL will launch a specific investigation campaign on mobile applications to ensure compliance with these new rules. In the meantime, it will provide support to the industry, mainly through webinars. 

Authors: Nicolas Quoy, Partner; Antoine Boullet, Senior Associate; Anne Wecxsteen, Trainee Solicitor