Paper published in a book (Scientific congresses, symposiums and conference proceedings)
GDPR Compliance in Privacy Policies of Mobile Apps: An Overview of the State-of-Practice
Amaral Cejas, Orlando; ABUALHAIJA, Sallam; SANNIER, Nicolas et al.
2025. In Proceedings of the 33rd IEEE International Requirements Engineering 2025 conference
Peer reviewed
 

Keywords :
Legal Compliance; Privacy Policies; General Data Protection Regulation (GDPR); Mobile Apps
Abstract :
Mobile apps are ubiquitous in our lives as they provide numerous services to support our daily activities. Personalizing such services entails collecting (possibly sensitive) personal information. Mobile apps must therefore comply with privacy regulations like the General Data Protection Regulation (GDPR) enforced in the European Union (EU). To achieve compliance, an app should implement the legal requirements pertinent to data collection and processing according to the GDPR. Privacy policies associated with apps can serve as intermediary instruments connecting source code and regulations. They explain to app users how activities involving personal data are implemented and provide a detailed view on how legal requirements are operationalized in the app. Incomplete policies can indicate noncompliant apps. This paper sheds light on the state-of-practice of GDPR compliance in two mainstream app markets: the Apple App Store and the Google Play Store. We conducted a study to assess the completeness of 470 apps' privacy policies in these stores according to the GDPR. Our analysis shows that, irrespective of the app store, fundamental GDPR requirements (e.g., information pertinent to individuals' rights and details of data transfer outside the EU) are missing in ≈92% of the analyzed policies, revealing potential breaches in the respective apps.
Disciplines :
Computer science
Author, co-author :
Amaral Cejas, Orlando;  LIST - Luxembourg Institute of Science and Technology
ABUALHAIJA, Sallam  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
SANNIER, Nicolas  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
CECI, Marcello  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
BIANCULLI, Domenico  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
External co-authors :
no
Language :
English
Title :
GDPR Compliance in Privacy Policies of Mobile Apps: An Overview of the State-of-Practice
Publication date :
October 2025
Event name :
the 33rd IEEE International Requirements Engineering 2025 conference
Event place :
Valencia, Spain
Event date :
01-05/09/2025
Audience :
International
Main work title :
Proceedings of the 33rd IEEE International Requirements Engineering 2025 conference
Publisher :
IEEE
Pages :
320-331
Peer reviewed :
Peer reviewed
FnR Project :
FNR16570468 - NCER-FT - 2021 (01/03/2023-28/02/2025) - Gilbert Fridgen
Name of the research project :
U-AGR-7511 - NCER22/NCER-FT_RegCheck_UL - KLEIN Jacques
Funders :
FNR - Fonds National de la Recherche
Funding number :
NCER22/IS/16570468/NCER-FT
Available on ORBilu :
since 27 June 2025
