
Analysis of Mobile Application's Compliance with the General Data Protection Regulation (GDPR)

Mangset, Peder Lind
Master thesis
View/Open
19435_FULLTEXT.pdf (1.469Mb)
19435_COVER.pdf (1.556Mb)
URI
http://hdl.handle.net/11250/2560789
Date
2018
Collections
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [2002]
Abstract
Users increasingly rely on their mobile applications to fulfill everyday activities. Processing of personal data through such tools poses a significant risk to the user's privacy and security. This stems mainly from the various sensors on the device, but also from the nature of the devices themselves, which are physically difficult to secure. As a result, implementing the General Data Protection Regulation (GDPR) in mobile applications may pose serious challenges.

This study focused on how pharmaceutical and dating applications process users' personal data and whether they do so in compliance with the GDPR. We followed a design science methodology and evaluated each application using predefined test cases. Our study revealed instances of personal data stored unencrypted on the device. This included users' social security numbers and sensitive personal data, such as political opinion and religious belief. This type of data warrants special consent under the new regulation. It further revealed that multiple applications do not allow users to opt out of automatic individual decision-making for direct marketing purposes. Lastly, the study revealed applications that have been updated specifically for the GDPR.

The majority of the work for this study was conducted before the implementation date. It is therefore difficult to predict how Norway's supervisory authority will impose sanctions on infringements of the regulation. However, our study revealed infringements of provisions that are eligible for the administrative fines outlined by the GDPR.
Publisher
NTNU
