Skip to main content
All Posts By

Steven Roosa

The Slow Stroll Toward Schrems III? And How NT Analyzer Can Help in the Meantime

By , , and Insights

After more than a year of negotiations, on March 25, 2022, the European Commission and the United States announced an agreement for a new Trans-Atlantic Data Privacy Framework. The new Framework will replace EU-U.S. Privacy Shield, which was invalided by the Court of Justice of the European Union (“CJEU”)’s Schrems II decision in July 2020. Since the Schrems II decision,…

Read More

Google’s Data Safety Form: Timeline Extended and Key Considerations

By , and Insights

Google recently announced several key changes to the upcoming “Data safety form” for Google Play, including: Required Timeline Extended to Submit Data safety form: Google extended the deadline from April 2022 to July 2022. Specifically, according to Google: July 20, 2022: All new apps and updates to existing apps must include a Data safety form. If an app fails to…

Read More

iOS 15 Privacy Report Update: What it Means for App Owners

By , and Insights

As we previously noted, iOS 15 rolled out several privacy-focused measures to users. For example, users may record their app activity and download a report on app metrics from the previous seven days, called the App Privacy Report. These metrics include, for example: 1) when apps access certain permissions on the device (e.g. microphone, location, camera, etc.) and 2) which…

Read More

Google Play Store Releases Data Safety Form

By , and Insights

Android will adopt iOS-like privacy nutrition labels, called the “Data safety form,” starting April 2022. And according to Google, apps that fail to comply with this upcoming requirement may be “subject to policy enforcement, like blocked updates or removal from Google Play.” While it may be tempting to just repurpose the iOS nutrition labels, Google notes “the Data safety form…

Read More

Does Your App Track Users that Opted-out of Tracking?

By , , and Insights

In April 2020, Apple rolled out the App Tracking Transparency (“ATT”) framework, prompting legal and development teams to identify apps that “track”, as defined by Apple, users or access the IDFA and implement the ATT framework accordingly. See here for the NT Analyzer blog post. Technically, if a consumer chooses to opt-out of tracking, the app should no longer “track”…

Read More

Why is Unintended Data Leakage and Third Party Code So Prevalent?

By , and Insights

Almost every website, mobile app, and IoT relies on third party code. More often than not, this necessary reliance results in undetected data leakage, which can result in regulatory action, litigation, and/or bad PR. What is third party code? Third party code in this instance, refers to code or SDKs that have already been created by other developers. The use…

Read More

Global Privacy Control Opt-Out of “Sale” – A Technical and Legal Viewpoint

By , and Insights

According to the California Attorney General, consumers may now utilize a new technology called the Global Privacy Control (“GPC”) in order to opt out of a “sale” of personal information under the California Consumer Privacy Act (“CCPA”). The GPC, according to its website, was developed by “various stakeholders including technologists, web publishers, technology companies, browser vendors, extension developers, academics, and…

Read More