Skip to main content
All Posts By

Steven Roosa

Google Privacy Sandbox Won’t Support Alternate Identity Solutions

By and Insights

Google will not use alternate identity solutions to track users online after third-party cookies are phased out in 2022.  Instead, Google plans to rely on Privacy Sandbox, which preserves privacy for consumers while still enabling publishers and advertisers to target their ads.  (See A More Privacy First Web.) NT Analyzer catalogs all collected and disclosed data, identifying relevant risk in…

Read More

iOS: IDFA/ Tracking Opt-In: What You Should Know

By Insights

It looks like a date has been set for iOS 14’s required opt-in for “tracking” through Apple’s AppTrackingTransparency Framework, which includes opt-in for the IDFA … kind of? According to Apple, “[t]his requirement will roll out broadly in early spring…” (see Data Privacy Day at Apple). The NT Analyzer Take Although Apple has trumpeted this as a victory for end-user…

Read More

Solving Apple’s New App Privacy Requirement

By and Insights

Starting December 8, 2020, Apple will require developers to provide extensive, granular information about their app’s privacy practices, such as the type of data collected from users, third party data usage, and specific purpose of collection. Presumably, the failure to disclose this detailed information to Apple will get new apps and updates to existing apps blocked from the app store….

Read More

101 Problems and Schrems Ain’t One

By and Insights

Eureka! After burning the midnight oil, we’ve built an automated scanner to identify and sort the Schrems II risk of data flows for further legal handling. The scanner uses more than 20 different data points derived from network metadata to scan and classify data flows based on mass surveillance risk under the NSA’s so-called “Upstream” and “Downstream” data collection programs….

Read More

From the Development Laboratory: Schrems II and Detection of Cross-Border Data Transfers

By and Insights

The Court of Justice for the European Union (CJEU) recently issued an opinion (Schrems II) that invalidated the US-EU Privacy Shield. This presents the obvious technical question, “which of my data transfers are to the US?” For global companies operating in Europe and for EU-based companies, the answer is probably surprising.  It is almost impossible to operate a global business…

Read More

New York Law Journal recognizes Steven Roosa with Innovation Award

By and News

The New York Law Journal recently announced its 2020 Professional Excellence award recipients, Steven Roosa has been named among the Innovation Award winners. The Innovation award recognizes forward-thinking individuals with creative approaches to their work. Roosa developed NT Analyzer, used to identify third party leakage of legally sensitive information, inventory data collection, and sharing. Roosa, Norton Rose Fulbright’s US Head…

Read More

Why So Many Cookie Policies are Broken

By Insights

Cookies Are One Piece of a Larger Puzzle There has been an odd preoccupation with cookies for some time now—to the exclusion of other forms of browser tracking, some of which are much more flexible and more robust in their data collection capabilities than cookies.  Despite this fact, these other, non-cookie tracking technologies are often not referenced in privacy policies…

Read More