Gerasimos Magoulas

Summary

The General Data Protection Regulation (GDPR) mandates that users of mobile phone applications be informed of their personal data collected either by the applications, or by advertisements displayed through the applications. The information concerns, among other things, the purpose of collecting this data, the storage period, who is the Data Controller, who is the Data Processor (if any) and whether the data will be sent to third countries. The user should also be informed of all his rights. This information is available in the Privacy Policy. After it is certified that the user has read the corresponding privacy policy, he must consent to the processing of his personal data for the use of the application. This consent must be recorded so that it can be proven when requested, and only then the app may launch.

The research initially concerns whether the applications comply with the regulation by checking indicatively some principles. The mobile apps concern the Android ecosystem. From this research it is possible to create a model for assessing the degree of compliance of applications with the GDPR.

The assessment will concern whether the applications comply with the GDPR and whether the access rights requested by the applications to the device's resources are relevant to the purposes of the application.

The various applications that will be used belong to various categories of Google Play. The scores of compliances of each application will produce a category score and then the overall degree of Google Play compliance will be calculated. Then by applying the sensitivity analysis it can be examined how the various stages of compliance affect the final score of the categories and Google Play.

Finally, it can be examined how this rating can influence users to download the application or to negatively rate the application, that is, to examine the degree of correlation between the two ratings.