European authorities said that informed user consent for apps accessing personal data is essential for compliance with data protection law.

The Article 29 Working Party outlined specific obligations of app developers, stores, ad networks and OS and device manufacturers, with particular emphasis on apps targeting children.

Jacob Kohnstamm, chairman of the Article 29 Working Party, said apps that access personal data without “the free and informed consent of users” are in breach of European data protection law and could create “significant risks to the private life and reputation of users”.

The body said users must be in control of their personal data, and so apps should provide sufficient information about the data they are processing and obtain “meaningful consent” before accessing it.

Those involved in the development and distribution of apps therefore have an important responsibility to create “a safe, secure and data protection compliant app environment” and must collaborate with other app ecosystem members to meet this responsibility.

The Article 29 Working Party is an independent advisory body on data protection and privacy, set up under Article 29 of the Data Protection Directive.