Steven B. Roosa advises companies on a wide spectrum of technology and legal issues pertaining to privacy and data security. Steve serves as partner in Norton Rose Fulbright's New York office and oversees the firm's privacy compliance tool suite, NT Analyzer.
Apple recently released the latest version of its iPhone operating system, iOS 15. While iOS 15 currently has only a 15% adoption rate, the new operating system brings a slew of new features that are privacy-specific and can impact businesses. Privacy Reports The new App Privacy Report allows users to download a JSON file to see how apps are using…
Almost every website, mobile app, and IoT relies on third party code. More often than not, this necessary reliance results in undetected data leakage, which can result in regulatory action, litigation, and/or bad PR. What is third party code? Third party code in this instance, refers to code or SDKs that have already been created by other developers. The use…
According to the California Attorney General, consumers may now utilize a new technology called the Global Privacy Control (“GPC”) in order to opt out of a “sale” of personal information under the California Consumer Privacy Act (“CCPA”). The GPC, according to its website, was developed by “various stakeholders including technologists, web publishers, technology companies, browser vendors, extension developers, academics, and…
Google recently announced that beginning later this year, for Android 12, Android devices will “zero-out” the Google Advertising ID (“GAID”) for users who have opted out of tracking and personalized advertising. (In other words, using the “Opt out of Ads Personalization” settings). Specifically, according to Google: “This Google Play services phased rollout will affect apps running on Android 12 devices…
Almost every website, mobile app, and IoT rely on third party code. But more often than not, this necessary reliance results in undetected data leakage, which can result in regulatory action, litigation, and/or bad PR. For example, let’s say you’re developing a delivery-service mobile app where customers can track drivers in real-time on a map within the mobile app. Rather…
Google announced that it will follow industry standards with respect to privacy obligations. All developers with apps on Google Play will be required to disclose the type of data collected and stored and how such data is used by Q2 of 2022. These are in addition to other elements, such as security practices, data deletion upon uninstallation of app, etc….
On April 26, 2020, iOS/iPadOS/tvOS 14.5 and the enforcement of the AppTrackingTransparency (‘ATT’) go into effect. This means legal and development teams alike must be ready to: Identify those apps that either “track,” as defined by the privacy requirements, users or access the IDFA, and implement the AppTrackingTransparency (“ATT”) framework accordingly. NT Analyzer’s downloadable report and designated module for iOS…
Apple, in centralizing control over data collected on iOS, is rejecting apps from the App Store, essentially 50,000 apps at a time. For example, the App Store recently rejected updates to an app that used a third party software development kit (“SDK”) from Adjust. As a result of the SDK and according to Apple (as reported by Forbes): “[Your app]…collects…
Virginia recently enacted its own data protection/privacy law and like its European and Californian predecessors, the technical piece is key. Requirements Like the GDPR and CCPA, the Consumer Data Protection Act (“CDPA”), which goes into effect on January 1, 2023, broadly defines “personal data” as “any information that is linked or reasonably linkable to an identified or identifiable natural person.”…
Google will not use alternate identity solutions to track users online after third-party cookies are phased out in 2022. Instead, Google plans to rely on Privacy Sandbox, which preserves privacy for consumers while still enabling publishers and advertisers to target their ads. (See A More Privacy First Web.) NT Analyzer catalogs all collected and disclosed data, identifying relevant risk in…