Skip to main content

Does Your App Track Users that Opted-out of Tracking?

In April 2020, Apple rolled out the App Tracking Transparency (“ATT”) framework, prompting legal and development teams to identify apps that “track”, as defined by Apple, users or access the IDFA and implement the ATT framework accordingly. See here for the NT Analyzer blog post. Technically, if a consumer chooses to opt-out of tracking, the app should no longer “track” the user.  However, a new study by a transparency-focused privacy software company confirms that some apps continue to transmit data to third parties despite users having opted-out of “tracking” under ATT.  The study tested 10 popular apps and discovered that some continue to track even though those users have “ask[ed] app not to track” when presented with the ATT pop-up.

Business Implications

The study serves as a cautionary tale to businesses. Continuing to track users against the user’s consent could cause issues for companies, including potential reputational harm and enforcement actions as a result of misrepresentations regarding data practices.  Indeed, companies that do not have a clear understanding of their apps’ data flows are especially vulnerable to the risk of violating privacy laws.

How can we help?

Through NT Analyzer, we work with clients on a daily basis to help identify and mitigate these problems to help them comply with their data privacy obligations.  For example, NT Analyzer allows organizations to see all third parties and data associated with their mobile app or website, enabling them to manage data privacy risk by either entering into relevant agreements or removing the third parties from their mobile app or website.

 

Special thanks to law clerk Nicole Sakin for her assistance in the preparation of this content.

Steven Roosa

Author Steven Roosa

Steven B. Roosa advises companies on a wide spectrum of technology and legal issues pertaining to privacy and data security. Steve serves as partner in Norton Rose Fulbright's New York office and oversees the firm's privacy compliance tool suite, NT Analyzer.

More posts by Steven Roosa
Steven Roosa

Author Daniel Rosenzweig

Daniel B. Rosenzweig is a lawyer in Norton Rose Fulbright's Data Protection, Privacy and Cybersecurity practice group in the New York office. Daniel is part of the core team that oversees NT Analyzer to help clients navigate the complex data protection and privacy landscape.

More posts by Daniel Rosenzweig
Steven Roosa

Author Wenda Tang

Wenda Tang is a lawyer in the Washington, DC office, where she is part of the Data Protection, Privacy and Cybersecurity practice group. Wenda focuses on drafting and interpreting technology-related contracts, including insertion orders, service provider addendums, DPAs, advertising agreements, and non-disclosure agreements. She also assists clients in complying with data protection and privacy laws, such as the CCPA, GDPR, HIPAA, GLBA, COPPA, CAN-SPAM Act, and TCPA.

More posts by Wenda Tang