Greetings from Brussels!

There has been a lot of social chatter and media coverage recently around the mobile app "craze" known as FaceApp, the Russian-based photo-editing app. From what I have seen, folks have gone into a frenzy over the new aging feature, with multiple postings on social media platforms. It also topped the charts these last weeks as the number-one free app in Apple’s App Store. 

All well and good. I do like a bit of fun myself. Interestingly, this is not the first time that the app has come into the spotlight, having gone viral in 2017, collecting 80 million active users in the process.

So, are there privacy concerns? There has been some increased media noise here, and privacy advocates are asking questions publicly. My wife came home last week asking me if I was aware of the app; friends had shared messages on social networks expressing concerns over its privacy notice and terms of use. So naturally, my interest piqued. I went onto the Apple App Store to consult said policies. In the application’s terms of use under Clause 5 "User Content," I read that the users grants "a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you." This is some statement and a fairly comprehensive license. Simply put, it’s a little scary. Two words spring to mind: data minimization. Of note, their terms of use have not been updated since March 2017, and it appears their privacy policy hasn’t been updated since January 2017. This puts us in pre-GDPR territory.

In parallel worlds, on 19 July, the CNIL issued guidance for users of photo-editing applications. How timely. The guidance is good, articulating sound tips and pointers to using such apps and the potential risks. Importantly, the CNIL advises to check the permissions being requested by the application; beware of pop-up message requests to access camera or library as invariably you may be granting access to all your photos. There may well be private photos or photos of others who may not wish for their image to be shared; moreover, it is possible that extended metadata, such as geolocation, timestamps and device information, is also collected.

The CNIL also cautions against fraudulent apps and strongly recommends only downloading from an official app store; check the reviews and comments posted before engaging. And most importantly of all — and this should not come as any surprise to most of you reading here — read the terms of use and the privacy policy of the application so you know what is done with your data, which is something a lot of people simply don’t consider. Lastly, one should verify whether or not their rights under the GDPR can be exercised.

All in all, and this applies to any application you choose to download, do a minimum check in advance to avoid possible surprises down the line or even a possible battle to claw back your privacy rights.