As data protection regulations continue to evolve worldwide, each region is refining its own requirements and specificities. This growing complexity makes compliance increasingly challenging for businesses operating internationally.
In the Growth Masterminds podcast, Jerome Perani, CRO at Axeptio, breaks down these trends and their impact on businesses, with a particular focus on mobile app compliance. With a new wave of regulatory audits set to roll out this spring, companies must navigate an increasingly fragmented regulatory landscape. How can businesses ensure global compliance while maintaining a positive user experience? Here are the key takeaways from Axeptio’s discussion with John Koetsier on Singular’s podcast.
Europe Leads the Way: From GDPR to Stricter Mobile App Audits
The General Data Protection Regulation (GDPR) has been in effect since 2018, imposing strict guidelines on the collection and processing of personal data across the European Union. Consent—one of the six legal bases under GDPR—has become a fundamental requirement for companies seeking to collect and process user data.
“In the early years of GDPR enforcement, data protection authorities focused mainly on education and awareness. But since 2020-2021, the leniency has faded, and fines have escalated, targeting organizations of all sizes,” explains Jerome Perani.
Until now, regulatory scrutiny has been primarily centered on the web. However, over the past two years, authorities have intensified audits within the mobile app ecosystem.
“The French data protection authority, the CNIL, has taken the lead in this area. In late 2022, mobile gaming company Voodoo was fined €3 million for tracking user behavior for advertising purposes without obtaining valid consent. Now, the company’s games prominently display a consent management platform (CMP) on their home screen,” says Jerome Perani.
This wasn’t an isolated case. The CNIL has ramped up enforcement and announced a new wave of audits starting in spring 2025. To help app developers comply with GDPR and the ePrivacy Directive, the CNIL has issued detailed guidelines.
A key takeaway: granting app permissions (such as access to location, camera, or contacts) does not automatically mean compliance. In most cases, integrating a CMP remains essential to ensuring valid, informed, and explicit consent before collecting or processing personal data.
The U.S.: A Rapidly Evolving Patchwork of Regulations
For years, strict data privacy regulations were seen as a primarily European concern. But that is changing quickly in the United States.
“California led the way with the CCPA (California Consumer Privacy Act), but it’s no longer alone. Since 2020, at least 19 U.S. states have enacted data protection laws, and momentum is growing—just last January, eight new states implemented their own legislation, with more expected in the coming year,” notes Jerome Perani on the podcast.
(Source: International Association of Privacy Professionals - IAPP)
For U.S. businesses, the landscape has shifted dramatically. Many companies that previously viewed compliance as an issue for European operations must now navigate complex regulations domestically. This challenge is particularly pressing for mobile apps, which need to tailor their consent management practices to local laws. A notable example discussed by Jerome is Amazon’s streaming platform, Twitch.
“In the U.S., when a user launches the Twitch mobile app, they are first prompted to enable push notifications. Then, Apple’s native pop-up requests permission again, followed by the App Tracking Transparency (ATT) prompt. However, ATT focuses on advertising tracking and does not serve as a comprehensive consent management mechanism,” explains Jerome.
In contrast, the European onboarding experience is entirely different. Users first encounter a CMP prompt for consent before the ATT request appears. This localization of the onboarding flow—often determined via IP detection—is a growing trend.
This regulatory fragmentation presents a major challenge for mobile app developers, who must not only tailor their flows to local laws but also ensure compliance across partners and third-party vendors.
“In Europe, regulations mandate that tracking is blocked until consent is obtained. In the U.S., enforcement remains inconsistent, with businesses fearing regulatory burdens could stifle growth. But the global trend is clear: data protection is becoming an international standard. Countries like Canada, India, Brazil, and Saudi Arabia are implementing stricter rules, meaning U.S. companies will have to adapt sooner or later,” Jerome observes.
Mobile Apps: The Next Battleground for Consent Management
As Jerome Perani highlights in the podcast, data protection compliance is no longer just a web issue—mobile apps are now under increasing regulatory scrutiny, and Europe is leading the charge.
Recently, the CNIL emphasized a commonly misunderstood point: system-level permissions, such as access to a camera, microphone, or location, do not automatically ensure GDPR compliance. These permissions only define whether an app can technically access certain data, but they do not regulate how that data is used. Any data collection for marketing, analytics, or advertising purposes requires explicit, informed, and freely given consent.
To address this, app developers must manage two layers of authorization: system-level permissions granted by the operating system and regulatory consent obtained through a CMP. To enhance compliance and traceability, the CNIL strongly recommends integrating a consent management platform (CMP).
“At Axeptio, we’ve developed a mobile SDK that enables app developers to implement a seamless and compliant consent experience. With a customizable in-app interface for iOS and Android, users can make informed choices without friction,” says Jerome.
The solution is Google Consent Mode v2 certified—an essential feature for accurately measuring mobile audiences while maintaining transparency. It is also compatible with IAB Europe’s Transparency & Consent Framework (TCF v2.2) and IAB Canada standards, ensuring compliance with industry best practices for monetization.
“With increasing regulatory scrutiny and fast-evolving privacy laws, consent management for mobile apps has become a strategic priority. Compliance is no longer just a box to check—it’s about proactively balancing performance with user trust. A robust CMP is no longer optional; it’s essential for staying ahead of regulatory changes and market expectations,” concludes Jerome.
User Experience and Compliance: A Shared Priority
Mobile app product and marketing teams are already accustomed to integrating permission requests into the user experience, whether for push notifications or location access.
For Jerome Perani, consent management should follow the same approach:
“Legal requirements should be turned into an opportunity for mobile marketing. The onboarding process should be positive and engaging, where consent collection becomes an integral part of the user journey. Just like a retail store warmly welcomes customers, an app should explain why certain data is collected and how it enhances the user experience.”
Axeptio’s solution is designed with this in mind, allowing brands to fully customize their consent widget to match their identity. From colors, fonts, and text to animations and trigger points, every detail can be fine-tuned to blend seamlessly with the app’s UX. Rather than a generic pop-up, the widget becomes a valuable touchpoint that reassures and engages users.
What’s Next for Privacy Regulations?
In the podcast, Jerome Perani highlights the growing push for global regulatory alignment, even as regional differences persist. With increasing public awareness and frequent data privacy scandals, governments worldwide are under pressure to strengthen user protections.
To dive deeper into these topics, Jerome Perani will be speaking at the App Growth Summit in New York, a key event for mobile app professionals. This will be an opportunity to discuss the future of consent management and data protection in an increasingly regulated landscape.