EWADA response to CMA consultation
Oxford's response to CMA consultation
Researchers from Oxford Human Centred Computing Research Group (of which EWADA is part of) provided a response to the public consultation on mobile ecosystems by the Competition and Markets Authority.
Mobile ecosystems serve as an important part of our everyday lives, mediating social, political and market interactions. The ever increasing importance and ubiquity of mobile devices puts great power into the hands of those companies that make the key design decisions affecting mobile ecosystems. Decisions that might sometimes go against the interests of consumers. This is why we welcome the opportunity to respond to the ongoing investigation of the CMA into mobile ecosystems. Oxford HCC/EWADA researchers have been studying the data flows and power relations in the mobile ecosystem for many years, and thus welcome the opportunity to respond to the ongoing investigation of the CMA into mobile ecosystems.
The major themes of our response cover the following topics:
- Ensure that app developers are not (implicitly or explicitly) nudged into violating basic provisions of UK data protection law, particularly the need to seek consent before engaging in third-party tracking. This could include standards for regulatory conformance (e.g. clarifying the responsibility of those companies developing tracking technologies, and requiring them to provide simple and compliant implementation guidance to app developers), and should ultimately aim to build a mobile ecosystem that facilitates compliance by default (see Section 1.1.1).
- Empower researchers to conduct app research, by enabling ways in which researchers can more easily analyse encrypted iOS apps, download apps at scale, and analyse encrypted network traffic of apps on Android (see Sections 1.2.1–1.2.2).
- Enable researchers to analyse concerns around underlying technologies of the mobile ecosystem, including the use of data relating to individuals and other advertising companies in Apple’s SKAdNetwork (see Section 1.4.3). Lower barriers to entry and innovation. Encourage the use of cross-platform technologies in app development (such as open web technologies), ensure that Windows and Linux users can develop apps for iOS (currently only macOS users), and lower the barrier to entry into the App Store (currently an annual 99 USD fee applies) (see Section 2.1).
- Ensure that gatekeepers do not self-preference, particularly with regards to ad attribution or in the definition of tracking in the Apple ecosystem, and the distribution of adblocking technologies on Android and in Google Chrome (see Sections 1.4.2–1.4.3 and 2.1). Scrutinise Google’s current ban of in-app tracking blockers (see Section 2.1), including Disconnect.me, to give consumers more choice over how apps use their data and to tackle widespread infringements of data protection law (particularly the need to seek user consent prior to tracking, as well as proportionality, data minimisation and purpose limitation) within apps.
- Consider requiring smartphone OS’s and app store operators to enable third-party mobile app extension functionality to spur innovation in mobile apps and reduce harms within them, similar to the approach taken with extensions in desktop browsers and mobile Safari starting with iOS 15, while ensuring safety of consumers using such extensions through the existing app store review processes (see Section 2.2).
- Ensure that the review of apps on the app stores and the policies underlying this process are fair and transparent, for example through regular mandatory disclosures about this enforcement (including with regards to privacy and data protection). Such disclosures would be a minimally invasive but realistic intervention, and have been suggested by a variety of researchers from different backgrounds. See Section 3.1 for more details.
- Consider separating key functions within the governance of mobile ecosystems to reduce conflicts of interests, such as privacy management to avoid self-preferencing as regards data collection and protect consumers against excesses and monopolisation of such data collection, and promoting more research into this area (see Section 3.2).
Read our full responses here