Paper published in a book (Colloquia, congresses, scientific conferences and proceedings)
GDPR Compliance in Privacy Policies of Mobile Apps: An Overview of the State-of-Practice
Amaral Cejas, Orlando; ABUALHAIJA, Sallam; SANNIER, Nicolas et al.
2025. In Proceedings of the 33rd IEEE International Requirements Engineering 2025 conference
Peer reviewed
 

Documents


Full text
AASCB - RE IIT 2025.pdf
Author postprint (992.49 kB)

All documents in ORBilu are protected by a user license.


Details



Keywords:
Legal Compliance; Privacy Policies; General Data Protection Regulation (GDPR); Mobile Apps
Abstract:
Mobile apps are ubiquitous in our lives as they provide numerous services to support our daily activities. Personalizing such services entails collecting (possibly sensitive) personal information. Mobile apps must therefore comply with privacy regulations like the General Data Protection Regulation (GDPR) enforced in the European Union (EU). To achieve compliance, an app should implement the legal requirements pertinent to data collection and processing according to the GDPR. Privacy policies associated with apps can serve as intermediary instruments connecting between source code and regulations. They explain to app users how activities involving personal data are implemented and provide a detailed view on how legal requirements are operationalized in the app. Incomplete policies can indicate noncompliant apps. This paper sheds light on the state-of-practice of GDPR compliance in two mainstream app markets: the Apple App Store and the Google Play Store. We conducted a study to assess the completeness of 470 apps' privacy policies in these stores according to the GDPR. Our analysis shows that, irrespective of the app store, fundamental GDPR requirements (e.g., information pertinent to individuals' rights and details of data transfer outside the EU) are missing in ≈92% of the analyzed policies, revealing potential breaches in the respective apps.
Disciplines:
Computer science
Author, co-author:
Amaral Cejas, Orlando; LIST - Luxembourg Institute of Science and Technology
ABUALHAIJA, Sallam; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
SANNIER, Nicolas; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
CECI, Marcello; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
BIANCULLI, Domenico; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
External co-authors:
no
Document language:
English
Title:
GDPR Compliance in Privacy Policies of Mobile Apps: An Overview of the State-of-Practice
Publication/release date:
October 2025
Event name:
the 33rd IEEE International Requirements Engineering 2025 conference
Event location:
Valencia, Spain
Event date:
01-05/09/2025
Event scope:
International
Title of the main work:
Proceedings of the 33rd IEEE International Requirements Engineering 2025 conference
Publisher:
IEEE
Pages:
320-331
Peer reviewed:
Peer reviewed
FnR project:
FNR16570468 - NCER-FT - 2021 (01/03/2023-28/02/2025) - Gilbert Fridgen
Research project title:
U-AGR-7511 - NCER22/NCER-FT_RegCheck_UL - KLEIN Jacques
Funding body:
FNR - Fonds National de la Recherche
Funding number:
NCER22/IS/16570468/NCER-FT
Available on ORBilu:
since 27 June 2025

Statistics

Number of views
186 (of which 19 Unilu)
Number of downloads
214 (of which 7 Unilu)

OpenCitations: 0
OpenAlex citations: 1
