<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=134132097137679&amp;ev=PageView&amp;noscript=1">

40% of mobile apps mentioning “APEC CBPR” in their privacy policies risk falsely representing participation in international privacy program

Jul 21, 2022 8:30:00 AM

Pixalate analyzed 3.9MM app privacy policies and published a list of mobile apps with Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) referenced in their privacy policy, including those registered to companies that do not appear in the CBPR compliance directory.

Pixalate, the global market-leading fraud protection, privacy, and compliance analytics platform for connected TV (CTV) and mobile advertising, examined the privacy policies of ~4 million apps from the Google and Apple mobile app stores. Pixalate found that the privacy policies of 815 apps included a reference to the APEC CBPR System as of Q1 2022. See the full Q1 2022 CBPR Compliance Report here.

In the United States the Federal Trade Commission (FTC) is the privacy enforcement authority (PEA). Most recently, the FTC brought enforcement actions against three companies and issued warning letters to 28 companies for falsely representing that they participated in the APEC CBPR system.

KEY FINDINGS

According to Pixalate, of the 815 apps with “APEC CBPR” in their privacy policy:

  • 40% are registered to companies not listed in the CBPR Compliance Directory, but may be affiliated with a certified  company.
  • 46% are registered in the United States.
    • 310 of the apps registered in the U.S. have companies of certification listed in the CBPR Compliance Directory. 
    • 65 of the apps registered in the U.S. have companies of purported certification that are not listed in the CBPR Compliance Directory. 
  • 15% are apps in Medical, and Health & Fitness categories and registered to companies not listed in the CBPR Compliance Directory.
  • 5% that are likely child-directed apps, according to Pixalate’s Children’s Online Privacy Protection Act (COPPA) compliance methodology, and registered to companies not listed in the CBPR Compliance Directory.

Pixalate cross-matched apps that reference APEC CBPR in their privacy policies with companies listed in the CBPR compliance directory. The list of all apps with APEC CBPR terms is broken down by those that do appear in the compliance directory and those that do not. 

What is APEC CBPR, and why is this important?

The APEC forum is the leading organization in the Asia-Pacific region that facilitates trade and investment, economic growth and regional cooperation. The APEC Cross-Border Privacy Rules (CBPR) System is a voluntary, enforceable, accountability-based certification that allows for the transfer of personal data among the nine participating economies. The participant economies are: Australia, Chinese Taipei, Canada, Japan, the Republic of Korea, Mexico, Singapore, and the United States. 

According to the CBPR Compliance Directory, there are 49 companies certified. Once a company joins the system and is certified by a third-party Accountability Agent, the certification becomes legally enforceable by the PEA in the economy in which the company has been certified. If a company falsely represents that they participate in the APEC CBPR System, the PEA can bring an enforcement action against the company.

About Pixalate

Pixalate is the market-leading fraud protection, privacy, and compliance analytics platform for Connected TV (CTV) and mobile advertising. Pixalate works 24/7 to guard your reputation and grow your media value by offering the only system of coordinated solutions across display, app, video, and OTT/CTV for better detection and elimination of ad fraud. Pixalate is an MRC-accredited service for the detection and filtration of sophisticated invalid traffic (SIVT) across desktop and mobile web, mobile in-app, and OTT/CTV advertising. www.pixalate.com

Disclaimer

The content of this press release reflects Pixalate's opinions with respect to factors that Pixalate believes can be useful to the digital media industry, as well as to those researching adoption of internationally-recognized data privacy protections. Any data shared is grounded in Pixalate's proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate's opinions are just that, opinions, which means that they are neither facts nor guarantees. Pixalate does not independently verify third-party information. Pixalate is sharing this data not to impugn the standing or reputation of any entity, person or app, but, instead, to report findings and trends pertaining to apps available for download in the official Apple App Store and Google Play Store.

The fact that an app developer’s company of registration is located in one of the nine APEC CBPR economies does not necessarily mean that the company is certified. An app developer with a company of registration located in a non-APEC CBPR economy may be certified if it is an affiliate or subsidiary of a company located in an APEC CBPR economy that has extended the scope of its certification to the affiliate or subsidiary. Pixalate is not asserting that any companies are falsely claiming APEC CBPR certification.

Search Blog

Follow Pixalate

Subscribe to our blog

*By entering your email address and clicking Subscribe, you are agreeing to our Terms of Use and Privacy Policy.

Subscribe to our blog

*By entering your email address and clicking Subscribe, you are agreeing to our Terms of Use and Privacy Policy.