This survey follows the CNIL’s announcement on 24 November 2022 that it aims at “better understanding the economic challenges associated with the collection and processing of personal data in mobile applications” as part of its 2022-2024 strategic plan.

The CNIL considered data collection via mobile applications greatly lacks transparency as opposed to cookies collection on websites.

The expected inputs are to be used for the purpose of drafting recommendations to be submitted to public consultation during the second semester of this year.

Concurrently to its ever-active enforcement of website cookie framework, the CNIL also recently started going after mobile applications for their use of personal data, often leverage as a primary source of revenue for free-to-play mobile games. The most recent example being the French mobile game publisher Voodoo SAS, with a fine of EUR3 million for breach of user consent for targeted ads on 29 December 2022. Indeed, the CNIL considered that even when users did not consent to the tracking for advertising purposes, Voodoo still accessed the IDFV (Apple’s “IDentifier For Vendors” (“IDFV”) – an identifier assigned to app operators, which facilitates targeted advertising) and processed browsing information for advertising purposes, constituting a violation of French privacy law and the GDPR.

The CNIL now calls for economic contributions from experts, interest groups, regulatory entities and experienced private individuals in the field. The call for contributions closes on 10 February 2023. Contributions can be submitted by completing a questionnaire and/or a written statement at the following email address: ecodesapplis@cnil.fr.

All contributions will be covered by professional secrecy and will be published in the form of a synthetic and aggregated report.

First publication on Cyber Law Watch with Camille Scarparo.