Most financial institutions have spent the last two years mapping core vendors, renegotiating cloud contracts, and building ICT incident frameworks for DORA. Good. But there's something sitting right inside your mobile app that probably hasn't been touched (yet). Network requests, permissions, vulnerabilities and third-party components connecting to vendors you've never formally assessed, doing things your compliance team doesn't fully know about.
Mobile app risks sit at the intersection of privacy and security. Trust-by-Design brings both disciplines together — here's how.
Mobile apps carry 60% of global internet traffic. They often also collect more sensitive data than websites, we're talking real-time location, photos, contact lists, often through third-party components that even the app publisher doesn't fully understand. That's the problem. And CNIL (Commission Nationale de l'Informatique et des Libertés), France's data protection authority, has noticed.
While Brussels debates the Digital Omnibus, a conversation with Norway's Datatilsynet reveals the practical realities of privacy enforcement, both what's working and what remains difficult