Why You Should Know the Marketplace Principle as an App Developer

What is an EU representative, and do you need one? We help you navigate the jungle of the GDPR.

Lisa Figas

Lisa is TelemetryDeck's co-founder and product/marketing person

This article is aimed at all app providers who are based outside the European Union and European Economic Area (EEA) but have EU and EEA citizens among their app users. Yes, it gets a bit complex, but we will help you through the jungle of data protection regulations of the GDPR.

What Is an EU Representative, and Why Should I Know?

The EU Representative is an additional contact person for supervisory authorities and data subjects within the EU. This person represents the interests of the companies and providers in the European Union. EU representatives provide support in fulfilling the obligations under Art. 27 GDPR. In addition, they provide advice as needed with regard to data protection-compliant implementation of business activities in the European Union. The EU representative and the represented party must conclude a representation agreement.

What tasks does an EU representative perform?

  • Point of contact for communication with supervisory authorities
  • Handling of inquiries from data subjects
  • Support in the creation and maintenance of the inventory of processing activities

Do I Need an EU Representative?

If you do either or both of these things within the European Union (EU) or European Economic Area (EEA), you need an EU representative:

  • You offer goods or services within the EU/EEA to data subjects (natural persons), even if the goods or services are free of charge.
  • You monitor the behavior of natural persons in the EU. There must be purposeful processing of personal data of data subjects located in the EU. This is independent of the nationality or legal status of the data subjects.

A further requirement is that your company (or, in the case of individuals, the individual) has its registered office in a third country, meaning a country outside the European Union or the European Economic Area. This regulation affects “normal” responsible entities such as digital service providers and processors.

The obligation to appoint an EU representative depends on the marketplace principle of the GDPR. This means that it is not decisive where the provider of a service is located, but where the customers are located.

Who Is Exempt From Appointing an EU Representative?

You do not need to appoint a representative if you only occasionally process personal data that is not very sensitive and does not pose a risk to the rights and freedoms of natural persons. A processing activity is only considered “occasional” if it does not take place on a regular basis and is outside the regular business or activity of the controller or processor.

Unless these exceptions apply, the appointment of an EU representative is mandatory by law.

What Is the Penalty if I Do Not Appoint an EU Representative, but Actually Need One?

If this designation is not made despite the existence of the requirements, the competent supervisory authority may impose a fine on your company.

Do I Need an EU Representative if I Use TelemetryDeck in My App?

The answer is clear: it depends. If your app doesn’t process personal data, and if you don’t misuse TelemetryDeck for gathering data you shouldn’t be gathering, then there is no need to appoint an EU representative. However, we can only answer this question in relation to the app analytics.

You need to check how each part of your app processes, stores and transmits data, especially if you include third-party SDKs. In case of doubt, you should seek legal advice or appoint an EU representative.

Find Your EU Representative


This article is a cooperation with Elisa Drescher. She is a data protection enthusiast, lawyer, and co-founder of SCALELINE, the digital consultancy for data protection law for Germany and Austria. After working for a renowned consultancy for data protection law in Germany, she combines the requirements of the GDPR as well as the national data protection laws in Austria and Germany and conveys the topic of data protection in a very relaxed and charming way. If you need an EU Representative or if you are uncertain about it, please check Elisa’s website for further information: SCALELINE EU Representative.