> Under the ePrivacy Directive, the mere access or storage of data on the user’s terminal device is only allowed if users give their free, informed, specific and unambiguous consent
I'm unsure what they mean by "storage of data on the [...] device" because you can't use an App without having first installed it (which uses your device's storage already), so doesn't the app have reasonable implicit permission to make use of the user's storage?
...while the part about an app being able to "access" stored data is ambiguous: does that include the app reading its own resource/assets data from its installed app-package/directory? Or if it's referring to apps reading from the user's own (i.e. private) data like Contacts database, photos, GPS sensors, etc - then as far as I'm concerned that's not a legal or policy question, but a clear and gaping security hole in the OS because the app was somehow able to break out of the sandbox to read into other data-stores on the user's device.
> so doesn't the app have reasonable implicit permission to make use of the user's storage?
“Implicit permission” does not sound like “free, informed, specific and unambiguous consent”. Furthermore, the directive (ePrivacy, article 5(3)) states that consent is valid only if the user was provided with clear information about the purposes of the processing beforehand.
> does that include the app reading its own resource/assets data from its installed app-package/directory?
An app reading its own data will fall under the “strictly necessary” exception of the directive (cf. ePrivacy 5(3)). Reading other databases will depend on the purpose.
The whole article talks about users' personal data, it isn't about storing data on the device in general. If you read the article from the top I think it's pretty evident.
I'm unsure what they mean by "storage of data on the [...] device" because you can't use an App without having first installed it (which uses your device's storage already), so doesn't the app have reasonable implicit permission to make use of the user's storage?
...while the part about an app being able to "access" stored data is ambiguous: does that include the app reading its own resource/assets data from its installed app-package/directory? Or if it's referring to apps reading from the user's own (i.e. private) data like Contacts database, photos, GPS sensors, etc - then as far as I'm concerned that's not a legal or policy question, but a clear and gaping security hole in the OS because the app was somehow able to break out of the sandbox to read into other data-stores on the user's device.