Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Do normal GDPR obligations apply to information held locally on a phone, encrypted?

  • 20-06-2022 7:22pm
    #1
    Registered Users, Registered Users 2 Posts: 30,257 ✭✭✭✭


    I've noticed one particular app on my phone is using information that I didn't give it, or give consent for storage. I queried this with the privacy team of the app provider, and they came back saying that they don't store the information, it is held locally on the phone, and they have no access to it because of encryption.

    But their app is visibly using this information.

    Does GDPR apply to this scenario, where the info is stored locally on the phone, encrypted?

    I guess a similar scenario would be WhatsApp messages held on a phone, which WhatsApp don't actually have access to.



Comments

  • Registered Users, Registered Users 2 Posts: 2,114 ✭✭✭ItHurtsWhenIP


    If this is a personal device and the data stored on it is your own collection of data, then GDPR would not apply, as you are not a data controller.

    If this was a business device or personal device storing business "owned" personal data, then the GDPR would come into scope.

    While the storage on the phone is likely encrypted, this just means if somebody physically accessed the locked phone and connect it to something to try to harvest data, they would only get gibberish.

    My understanding of how apps work and interact with the device is kinda basic. I believe that if you are using an app, which has permission to access storage, then the storage will be accessible to the app. The same would be true if the app was running in the background when the phone is unlocked.

    For example that Clubhouse "social media" app used to ask for permission to access the contacts on the device. Clubhouse then took a copy of the device's contacts and stored them on their own servers.



  • Registered Users, Registered Users 2 Posts: 30,257 ✭✭✭✭AndrewJRenko


    Thanks for getting back to me. This is definitely not ‘my own collection of data’. This is data about me that a particular app has derived, without my explicit permission.

    The app owners are telling me that GDPR doesn’t apply, because this information is held on the phone, and is not transferred to their servers. Are they right?



  • Registered Users, Registered Users 2 Posts: 7,029 ✭✭✭zg3409


    It sounds like they are not storing it, you are on your phone. If it's in their servers they have to take reasonable precautions to secure it. What reasonable precautions have you taken to secure your data such as phone number, access to Gmail etc? Many people don't even have a pin set up to unlock their phone.



  • Registered Users, Registered Users 2 Posts: 30,257 ✭✭✭✭AndrewJRenko


    They’re storing it and using it on my phone. I’ve no idea how or where it is stored, so I have no option to delete it.

    This isn’t data that I’ve entered on screen or sent to them in any way. It isn’t a file or a photo.

    it is information derived from how I use the phone, stored locally somewhere with the app’s internal storage.

    What is the distinction under GDPR that excludes information stored locally?



Advertisement