Update with new reference:
Katarina Stensson (2021-02-19). ”Vad händer om Apple och Google plötsligt stoppar bank-id-appen?”. https://computersweden.idg.se/2.2683/1.747279/debatt-apple-google-oligarki
My letter to datainspektionen on how the “Mobile BankID” app is compromising privacy of Swedish citizen and the (anonymized) negative reply by datainspektionen leaves the question open, who is taking responsibility in such cases.
1. Question
Von: “Wilmar Igl” <REMOVED>
An: datainspektionen@datainspektionen.se
Betreff: Mobile BankID (android-based version) breaches data privacy
Hej,
to increase my privacy and avoid sharing data with Google on US servers, I have installed the open-source Android system “Lineage OS” [1] on my smartphone (Motorola Moto G4) including the “Mobile BankID” app [2]. Unfortunately, “Mobile BankID” requires Google Mobile Services (ie Google Play Store etc) [3, 4] and a Google account. This means that Google Mobile Services will continuously send and store user information (call history, text messages, emails, calendar, location data, connection data, …) [8] on the servers of Google, as a very powerful, profit-driven US-american company subject to US law and the US government.
2. Reply
Gesendet: Montag, 02. März 2020 um 10:40 Uhr
Von: “Datainspektionen (no-reply)” <no-reply@datainspektionen.se>
An: “wilmar.igl@gmx.de” <wilmar.igl@gmx.de>
Betreff: Reply from Swedish Data Protection Authority
Dear Wilmar,
Thank you for contacting the Swedish Data Protection Authority (SDPA).
The company you refers to is a private company and does not have anything to do with the SDPA. We can offer general guidance in questions about the rules in the General Data Protection Regulation (GDPR), but we cannot take decision about how a company must design a particular service. A recommendation is therefore that you send your suggestion also to the company.
XXX YYY
Legal Advisor
The Swedish Data Protection Authority
———————-
The Swedish Data Protection Authority is a public authority.
Read more about the General Data Protection Regulation (GDPR)
Information about how the Swedish Data Protection Authority processes personal data