CNIL will publish recommendations on the subject of mobile applications so that each player has a good understanding of their obligations and to facilitate their compliance.
Practical tools (sheet or practical guide, self-assessment checklist, etc.) intended for users may also be published to make them aware of the real risks and impacts represented by the processing of their data through mobile applications . In particular, issues related to applications aimed at vulnerable audiences or processing sensitive data (medical applications or applications intended for children, pregnant women, etc.) or the collection of data from smartphone sensors will be the subject of work specific.
Depending on the field observations made during the work carried out to clarify the legal framework, the CNIL may decide to implement a large-scale control plan , as had been carried out in the context of actions related to cookies and other tracers. It could in particular focus on processing likely to create significant specific risks for individuals, for example because it targets vulnerable groups or collects data in a particularly intrusive way.
These actions would supplement the controls already regularly carried out on the basis of complaints and aimed at ensuring compliance with the fundamental principles of the GDPR by the publishers of mobile applications.
At the end of these checks, depending on the nature and extent of any breaches observed, the CNIL may take corrective measures, in particular financial penalties .