Almost every website, mobile app, and IoT rely on third party code. But more often than not, this necessary reliance results in undetected data leakage, which can result in regulatory action, litigation, and/or bad PR. For example, let’s say you’re developing a delivery-service mobile app where customers can track drivers in real-time on a map within the mobile app. Rather…
Google announced that it will follow industry standards with respect to privacy obligations. All developers with apps on Google Play will be required to disclose the type of data collected and stored and how such data is used by Q2 of 2022. These are in addition to other elements, such as security practices, data deletion upon uninstallation of app, etc….
On April 26, 2020, iOS/iPadOS/tvOS 14.5 and the enforcement of the AppTrackingTransparency (‘ATT’) go into effect. This means legal and development teams alike must be ready to: Identify those apps that either “track,” as defined by the privacy requirements, users or access the IDFA, and implement the AppTrackingTransparency (“ATT”) framework accordingly. NT Analyzer’s downloadable report and designated module for iOS…
Apple, in centralizing control over data collected on iOS, is rejecting apps from the App Store, essentially 50,000 apps at a time. For example, the App Store recently rejected updates to an app that used a third party software development kit (“SDK”) from Adjust. As a result of the SDK and according to Apple (as reported by Forbes): “[Your app]…collects…
Virginia recently enacted its own data protection/privacy law and like its European and Californian predecessors, the technical piece is key. Requirements Like the GDPR and CCPA, the Consumer Data Protection Act (“CDPA”), which goes into effect on January 1, 2023, broadly defines “personal data” as “any information that is linked or reasonably linkable to an identified or identifiable natural person.”…
Google will not use alternate identity solutions to track users online after third-party cookies are phased out in 2022. Instead, Google plans to rely on Privacy Sandbox, which preserves privacy for consumers while still enabling publishers and advertisers to target their ads. (See A More Privacy First Web.) NT Analyzer catalogs all collected and disclosed data, identifying relevant risk in…
It looks like a date has been set for iOS 14’s required opt-in for “tracking” through Apple’s AppTrackingTransparency Framework, which includes opt-in for the IDFA … kind of? According to Apple, “[t]his requirement will roll out broadly in early spring…” (see Data Privacy Day at Apple). The NT Analyzer Take Although Apple has trumpeted this as a victory for end-user…
Starting December 8, 2020, Apple will require developers to provide extensive, granular information about their app’s privacy practices, such as the type of data collected from users, third party data usage, and specific purpose of collection. Presumably, the failure to disclose this detailed information to Apple will get new apps and updates to existing apps blocked from the app store….
Eureka! After burning the midnight oil, we’ve built an automated scanner to identify and sort the Schrems II risk of data flows for further legal handling. The scanner uses more than 20 different data points derived from network metadata to scan and classify data flows based on mass surveillance risk under the NSA’s so-called “Upstream” and “Downstream” data collection programs….
The Court of Justice for the European Union (CJEU) recently issued an opinion (Schrems II) that invalidated the US-EU Privacy Shield. This presents the obvious technical question, “which of my data transfers are to the US?” For global companies operating in Europe and for EU-based companies, the answer is probably surprising. It is almost impossible to operate a global business…