France: Published Recommendations for Mobile Applications

On 24 September 2024, the French Commission Nationale de l'Informatique et des Libertés (CNIL) published its recommendations to enhance privacy protection in mobile applications. The release of the recommendations follows a public consultation in 2023 and the recommendations are aimed at helping professionals design apps that respect users' privacy and reinforce General Data Protection Regulation (GDPR) compliance in mobile applications. In particular, the CNIL's recommendations target all actors in the mobile app ecosystem, including app publishers, developers, software development kit (SDK) providers, operating system providers, and app stores. The goal is to ensure that personal data is protected at every stage of an app’s lifecycle. The recommendations clarify the responsibilities of each actor and offer practical advice to improve legal security. Furthermore, the recommendations focus on improving how users are informed about the use of their data, ensuring that this information is clear, accessible, and provided at the right time within the app. In addition, the CNIL stresses the importance of obtaining informed and freely given consent from users, particularly for data not essential to the app’s core functionality, such as for advertising purposes. Users must be able to refuse or withdraw consent as easily as they can give it, without facing any constraints. CNIL states that it will carry out a mobile application compliance campaign in spring 2025.