Steven B. Roosa advises companies on a wide spectrum of technology and legal issues pertaining to privacy and data security. Steve serves as partner in Norton Rose Fulbright's New York office and oversees the firm's privacy compliance tool suite, NT Analyzer.
State privacy laws, such as the California Consumer Privacy Act (CCPA), require companies to implement opt-out solutions and honor applicable privacy requests. But if you have implemented an opt-out, how do you know it actually works? Is it configured properly? How do you validate that your opt-outs work as intended? Even more fundamentally, what are the technical criteria you need…
We originally imagined AI to potentially advance to its current state 80 years from now. Instead, here we are, with the next great technology revolution developing right before our eyes. We suspect it will be every bit as transformative—and disruptive—as the rise of the Internet. Although there are numerous philosophical musings to be made on the topic, such discussions will…
As privacy laws and requirements become more technically sophisticated, businesses may want to consider how they can follow suit. For example, state privacy laws, such as the California Consumer Privacy Act (CCPA), require companies to implement opt-out solutions and honor applicable privacy requests. Companies including an opt-out link, privacy preference controls, and a privacy policy on their websites and apps…
Google’s Data safety forms must be submitted by July 20, 2022. Failure to post by July 20, 2022, according to Google, can result in the rejection of new app submissions to Google Play. After July 20,200, non-compliant apps may face removal from the Google Play altogether. It’s the business’s job to take ownership over the accuracy of the labels and…
After more than a year of negotiations, on March 25, 2022, the European Commission and the United States announced an agreement for a new Trans-Atlantic Data Privacy Framework. The new Framework will replace EU-U.S. Privacy Shield, which was invalided by the Court of Justice of the European Union (“CJEU”)’s Schrems II decision in July 2020. Since the Schrems II decision,…
Google recently announced several key changes to the upcoming “Data safety form” for Google Play, including: Required Timeline Extended to Submit Data safety form: Google extended the deadline from April 2022 to July 2022. Specifically, according to Google: July 20, 2022: All new apps and updates to existing apps must include a Data safety form. If an app fails to…
We may be a little late to Data Privacy Day but we are looking ahead at what a big year for privacy 2022 will be! Below is a timeline of some of the privacy events on the horizon that are on our radar. What is happening right now? Schrems II and Google Analytics: The Austrian DPA’s recent decision regarding the…
As we previously noted, iOS 15 rolled out several privacy-focused measures to users. For example, users may record their app activity and download a report on app metrics from the previous seven days, called the App Privacy Report. These metrics include, for example: 1) when apps access certain permissions on the device (e.g. microphone, location, camera, etc.) and 2) which…
Android will adopt iOS-like privacy nutrition labels, called the “Data safety form,” starting April 2022. And according to Google, apps that fail to comply with this upcoming requirement may be “subject to policy enforcement, like blocked updates or removal from Google Play.” While it may be tempting to just repurpose the iOS nutrition labels, Google notes “the Data safety form…
In April 2020, Apple rolled out the App Tracking Transparency (“ATT”) framework, prompting legal and development teams to identify apps that “track”, as defined by Apple, users or access the IDFA and implement the ATT framework accordingly. See here for the NT Analyzer blog post. Technically, if a consumer chooses to opt-out of tracking, the app should no longer “track”…