
What apps know about you (and why ISO 27701 matters)

Have you ever downloaded an app and just quickly clicked “Agree” without reading all that privacy stuff? Yeah… almost everyone does. But what you may not realize is that some of those apps are collecting a lot more about you than you think — and not just your name or email. We’re talking about your birthday, where you live, who you talk to, where you go, what websites you visit, and sometimes even your entire contact list.

That’s why data privacy is a big deal — and that’s where something called ISO 27701 comes in. It’s like the rulebook companies should follow to protect your personal information. But let’s back up a little.


What Is “Personal Data” Anyway?

If someone can figure out it’s you — it’s personal data. That includes:

  • Full name
  • Date of birth
  • Home address or zip code
  • Email or phone number
  • Location tracking (like GPS from your phone)
  • IP address or device ID
  • Cookies and what websites you visit
  • Even your voice or face if recorded

Yes, cookies! They’re not just a tasty snack — they’re tiny trackers websites use to remember who you are and what you like. They can follow your clicks, searches, and visits. So, yeah, even browsing online is personal.

Some apps collect this when you fill out a form. Others do it quietly in the background while you use the app. Creepy, right?


The Problem with Apps

A lot of apps say they collect data to "improve the customer experience." That sounds nice, but sometimes it means they’re tracking everything you do. Some apps update your location every few minutes or sync your entire phonebook without clearly telling you.

And worse — they might not even explain what they’re doing. Hidden in the fine print, it might say:

  • They collect data automatically while you use the app
  • They store it on servers in different countries
  • They use it for ads or share it with third parties
  • They’ll keep it for as long as they want

That’s not okay. You deserve to know what’s happening with your information.


What ISO 27701 Says

ISO 27701 is an international standard. Think of it like the superhero version of privacy rules. It tells companies:

  1. Collect only what’s needed. If your app is for photo editing, it doesn’t need your location or contacts.
  2. Be clear and honest. The app must explain, in plain language, what data it collects. Not hidden in a 200-page legal doc, but something you can actually read.
  3. Tell you where data is stored. Is it on your phone? In the cloud? On servers in another country? You have the right to know.
  4. Explain how data will be used. Is it just for making the app better? Or are they selling it to advertisers? You must be informed.
  5. Tell you when data will be deleted. Nothing should be kept forever. Apps should explain when and how your data will be erased.
  6. Make it easy to say no or delete your data. If you said “yes” to giving your data by checking a box, then saying “no” or deleting your data should be just as easy.

Not Okay: When Deleting is Harder Than Agreeing

Ever try to delete your account or remove your data and get sent through a maze? You have to email support, wait days, go through chatbots, maybe even write a formal request. But when you first said “yes,” all it took was one click.

That’s not fair.

According to ISO 27701, both actions — saying yes and saying no — should be:

  • Transparent (no hidden rules)
  • Equal (not one easy, one hard)
  • Easy to do

If they can ask for your data with one click, they should let you remove it just as easily.
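What do the six rules above, and the “just as easy to say no” rule, look like when a developer actually builds them into an app? Here is an added example in Python; it is not from the article, from ISO 27701 itself, or from any real app. The purposes (`photo_editing`, `account_login`), the data categories, and the retention periods are all constructed assumptions for illustration. It enforces data minimization (a photo-editing purpose may not collect location), keeps nothing forever (records past their retention period are purged), can print a plain-language disclosure of what is kept and for how long, and makes withdrawing consent a single call that deletes everything, symmetric with giving consent.

```python
"""Added example: a tiny privacy-by-design layer for an app backend.

Models three of the article's ISO 27701-style principles: collect only
what the declared purpose needs, keep nothing forever, and make deletion
as easy as consent. All purposes, categories and retention periods are
constructed assumptions, not values from the standard.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed policy: which data categories each purpose is allowed to
# collect (data minimization), and how long each category is kept.
PURPOSE_ALLOWED = {
    "photo_editing": {"email", "photos"},
    "account_login": {"email"},
}
RETENTION = {"email": timedelta(days=365), "photos": timedelta(days=30)}


class DataMinimizationError(ValueError):
    """Raised when the app tries to collect data its purpose does not need."""


@dataclass
class Record:
    category: str
    value: str
    collected_at: datetime


@dataclass
class UserStore:
    consented: bool = False
    records: list = field(default_factory=list)


class PrivacyLayer:
    def __init__(self, purpose, now=None):
        if purpose not in PURPOSE_ALLOWED:
            raise ValueError(f"unknown purpose {purpose!r}")
        self.purpose = purpose
        self.users = {}
        # Injectable clock so retention can be demonstrated without waiting.
        self._now = now or (lambda: datetime.now(timezone.utc))

    def consent(self, user_id):
        """The 'one click' the article describes: user says yes."""
        self.users.setdefault(user_id, UserStore()).consented = True

    def collect(self, user_id, category, value):
        """Store a record only if the purpose allows it and consent exists."""
        if category not in PURPOSE_ALLOWED[self.purpose]:
            raise DataMinimizationError(
                f"{category!r} is not needed for purpose {self.purpose!r}")
        store = self.users.get(user_id)
        if store is None or not store.consented:
            raise PermissionError("no consent on file for this user")
        store.records.append(Record(category, value, self._now()))

    def withdraw(self, user_id):
        """Saying no is one call, same as saying yes: everything is deleted."""
        self.users.pop(user_id, None)
        return user_id not in self.users

    def purge_expired(self):
        """Delete records older than their retention period; return count."""
        now = self._now()
        removed = 0
        for store in self.users.values():
            keep = []
            for rec in store.records:
                if now - rec.collected_at > RETENTION[rec.category]:
                    removed += 1
                else:
                    keep.append(rec)
            store.records = keep
        return removed

    def disclosure(self):
        """Plain-language answer to 'what do you keep, and for how long?'"""
        return {cat: RETENTION[cat].days
                for cat in sorted(PURPOSE_ALLOWED[self.purpose])}

    def held(self, user_id):
        """Which categories are currently stored for this user."""
        store = self.users.get(user_id)
        return sorted(r.category for r in store.records) if store else []


def demo():
    """Walk one constructed user through consent, collection, purge, deletion."""
    clock = {"t": datetime(2024, 1, 1, tzinfo=timezone.utc)}
    app = PrivacyLayer("photo_editing", now=lambda: clock["t"])
    app.consent("u1")
    app.collect("u1", "photos", "vacation.jpg")
    app.collect("u1", "email", "u1@example.com")
    try:                              # a photo editor asking for location
        app.collect("u1", "location", "40.7,-74.0")
        blocked = False
    except DataMinimizationError:
        blocked = True
    clock["t"] += timedelta(days=31)  # photos (30-day retention) now expired
    expired = app.purge_expired()
    return {"blocked": blocked, "expired": expired, "held": app.held("u1"),
            "deleted": app.withdraw("u1"), "after": app.held("u1")}


if __name__ == "__main__":
    print(demo())
```

The point of the design is that the policy is data, not scattered `if` statements: `PURPOSE_ALLOWED` and `RETENTION` are the same tables the app would show users in its privacy notice, so the disclosure and the enforcement cannot drift apart.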


What Can You Do?

Here are some quick tips to stay in control:

  • Read the permissions before installing any app
  • Say no to data collection you’re not comfortable with
  • Check the privacy policy (yes, seriously — even just the bolded parts!)
  • Use “Privacy Check” tools on your phone or browser
  • Ask for data deletion if you don’t use the app anymore

And most importantly: You have the right to be forgotten. That means any company that collected your personal data should delete it if you ask — no excuses.


How to check if an app is playing fair (using ChatGPT or Claude or other AI chat)

Here’s a pro tip anyone can do:

  1. Go to the app’s privacy policy (often at the bottom of their website or app store page).
  2. Copy the whole thing — even the boring long parts.
  3. Then paste it into ChatGPT and ask something like:

"Does this privacy policy follow GDPR, California privacy laws, and ISO 27701? Are they collecting more data than necessary? Can users delete data easily?"

  4. You can copy-paste this entire article too and ask ChatGPT to compare the two. See what’s missing.

If ChatGPT tells you the app is shady — maybe don’t install it.

For App Developers (or Curious Teens Who Code)

If you're creating your own app (or dreaming of it), don’t ignore privacy rules. It’s not just about being ethical — it’s about avoiding huge fines.

Want help building a privacy-friendly app? Subscribe to my website or just message me directly — I’m happy to help or point you to tools. Because privacy laws are getting stricter and more expensive to ignore.


Real Examples: Fines for Bad Privacy Behavior

Let’s talk money — and how much companies have lost for breaking the rules.

  • Meta (Facebook) – Fined over €1.2 billion under GDPR for transferring user data out of Europe improperly.
  • TikTok – Fined £12.7 million in the UK for misusing children’s data.
  • Google – Paid $391 million to settle a lawsuit in the U.S. for secretly tracking user locations even after they turned off tracking.
  • Sephora (California) – Fined $1.2 million for not letting users opt out of data selling.

These fines aren't just for show. Regulators are serious — and so should app developers be.

Bonus Tip: check your iPhone’s app Privacy Report

Maybe a bit of a controversial opinion: What I really like about Apple is that they lean into transparency as much as they realistically can — especially considering how many third-party apps use open APIs. Now, they’ve given us real leverage to see what those apps are actually doing on our phones. Apple highlights that the iPhone — like any smartphone — is just a tool. How you use that tool is up to you. But the company that makes the device has a responsibility to do their part and provide transparency. And Apple, at least, is taking steps in the right direction.

Want to see for yourself what your apps have been doing behind your back? If you have an iPhone, here’s how:

  1. Go to Settings
  2. Tap Privacy & Security
  3. Scroll down and tap App Privacy Report

This report shows exactly what data each app has accessed recently. It can include your location, contacts, photos, microphone, camera, and even which websites the app connected to.

You might be surprised. Some apps that don’t need your location or internet history still collect it — and sometimes every 15 minutes. Even worse, some apps don’t let you choose “only what’s needed.” It’s either “all access” or nothing.

So if a simple flashlight app is pulling your GPS or syncing your contact list — that’s a red flag.

Use this feature to double-check which apps actually deserve to stay on your phone.

Final Thought

Privacy isn’t just about hiding secrets — it’s about having control over your identity, your choices, and your digital life. Standards like ISO 27701 exist to make sure companies respect that control and build it into the design of their apps and systems.

So the next time you’re about to hit “Agree” on a new app, pause and ask yourself:

  • What personal data are they collecting?
  • Why do they need it?
  • Are they explaining it clearly and honestly?
  • Can I delete my data just as easily as I gave it?

If the answers feel shady or confusing, maybe that app doesn’t deserve a spot on your phone.

And if you’re an app developer? Then it's your responsibility to design your app with privacy and transparency from the start — not as an afterthought.
