Former Google Policy Fellow Adrian Fong has published a paper titled “The Role of App Intermediaries in Protecting Data Privacy,” based on research that he had conducted, in part, at the Citizen Lab in summer 2016.  The paper was published in the International Journal of Law and Technology. The abstract of the paper is as follows:

A new generation of mobile apps (‘apps’) are collecting more personal and sensitive data on its users. It is imperative to protect the personal data of these users, given the risks associated with improper use of information. However, because app developers and users are located around the world, applying and enforcing data privacy protections located in domestic legislation are often difficult. In this environment, mobile application stores (‘app stores’) play a central role in determining the standard of data privacy which is afforded to users. This article looks at the role of app stores, which serve as intermediaries between app developers and users, in the context of data privacy.

This article first details the data privacy issues associated with apps. It then examines the role of app stores and how they are viewed under the data privacy framework. After reviewing the current data privacy requirements which apps must satisfy to list on the app stores, this article then suggests measures which could be implemented by the app stores to raise data privacy standards, namely the introduction of a contractual data access right for users and data privacy principles consistent with international norms. This article introduces a framework for analysis which can be applied to all intermediaries which do not themselves process data but have a substantial effect on the conduct of data controllers.

Read the full article. Citizen Lab is currently accepting a call for applications for a 2017 Google Policy Fellowship; read more information on the application process.