France: Data Protection Agency adopted revised recommendations for professionals designing mobile applications (Deliberation No. 2025-024)

On 27 March 2025, the French Data Protection Authority adopted the revised recommendation for professionals designing mobile applications. The recommendation applies to all actors in the mobile application ecosystem, including developers, publishers, operating system vendors, and application store managers who process personal data. It clarifies the application of the General Data Protection and the ePrivacy Directive in mobile contexts, highlighting issues including opaque data processing, vague permissions, and intrusive use of device sensors. The recommendation stresses the importance of clearly defining roles and responsibilities under data protection law and avoiding unlawful practices, including improper software development kits usage. The recommendation provides role-specific obligations, practical guidance, and compliance checklists, and notes that these obligations are without prejudice to other legal instruments, including competition law and the Digital Markets Act.