The ILP Lab today published a report on privacy issues surrounding app tracking for the European privacy organisation noyb. When developers create apps, they often use building blocks made by other companies. Many of these building blocks, called software development kits (SDKs), contain tracking technologies which gather privacy-sensitive data. The ILP Lab investigated the privacy issues surrounding SDKs, which is a hot topic and an interesting research field for noyb.
Student researchers of the ILP Lab performed a legal analysis of a number of popular SDKs. They found that SDKs do not adhere to key provisions of both the e-Privacy Directive and the GDPR. A legal basis for processing is often missing, people are not well-informed and data is transferred outside of the EU in violation of EU law. Their findings can serve as input for potential complaints against SDK developers.
Romain Robert, program director at noyb, said: “Tracking people with SDKs is a serious privacy problem, but not many people are aware that this is happening. Developers often just use SDKs from other companies without really looking into the data these are collecting. The research of the ILP Lab demonstrates that many of these practices are violating European privacy rules. The report provides noyb with interesting insights. We should continue investigating developments in this field.”
The research of the ILP Lab was performed by Maxime Bax, Francien Giebels and Sasun Sepoyan at the request of noyb.