TL;DR: I take two examples of design choices that are problematic in terms of ethics and compliance with the GDPR. Reseplaneraren, a travel planner and FMTK, a fitness app. Both of these apps are from government controlled entities and both are tax funded.
Responsible disclosure note: Research was initiated September 2017, and by October 2017 both had acknowledged that they had received my report. A shorter version of this blog post was published on my Medium blog in September 2017.