Question to the Department for Digital, Culture, Media & Sport:

To ask Her Majesty's Government what action they are taking to ensure that mobile phone users are fully aware of the extent to which their data may be harvested and shared by mobile phone applications.

The Data Protection Act places an obligation on all organisations, including those that make mobile phone applications, to be clear about how they process individuals’ personal data and ensure that any consent obtained for its use is clear, unambiguous and purposeful. This information, along with individuals’ rights under the Data Protection Act, should be set out clearly in a privacy notice.

The Information Commissioner regulates and enforces the Data Protection Act and has a number of tools available to ensure compliance with data protection rules which include criminal prosecution, non-criminal enforcement and audits. For those who commit serious breaches there are significant financial penalties including fines up to £18 million or 4% of global turnover that can be applied as well as the backstop of criminal prosecution.