Almost every website, mobile app, and IoT device relies on third-party code. But more often than not, this necessary reliance results in undetected data leakage, which can lead to regulatory action, litigation, and/or bad PR.
For example, let’s say you’re developing a delivery-service mobile app where customers can track drivers in real time on a map within the app. Rather than create this “map” function in-house, which would take time and resources, your developer embeds third-party code within the app that enables this “map” function. Every time your customer views the map within your mobile app, the third-party code used to create that map “calls home” to the third-party developer and shares the customer’s data with this third-party map developer.
The reality is that this app would likely include a payment option too, where customers can pay for your app’s services. To implement this feature, your developer would likely again rely on third-party code in some capacity. Odds are that the third parties that developed the map and payment features also relied on additional third-party code, which means even more third parties are introduced to your app. And the cycle continues.
The use of this third-party code is not only acceptable but typically encouraged, since it saves a company time and money. The problem? Since the vast majority of this data comes from a consumer’s device (where the mobile app/website is accessed), and not an organization’s own data center, organizations are largely blind to the collection and sharing of this data, despite being responsible for it under laws like the CCPA and GDPR and industry requirements like Apple’s iOS requirements.
Managing Data Leakage
The above illustration is just one of many examples of inadvertent data leakage. And through NT Analyzer, NRF’s in-house privacy compliance tool suite, we are working with clients on a daily basis to help identify and mitigate these problems to help them comply with their data privacy obligations. For example, through NT Analyzer, organizations can see all third parties and data associated with their mobile app or website, enabling them to manage data privacy risk by either entering into relevant agreements or removing the third parties from their mobile app or website.
Join Steven Roosa and Daniel Rosenzweig at IAPP tomorrow, June 3, for 30 minutes to learn more about NT Analyzer, see it in action, and explore best practices in managing your digital privacy risk, including CCPA/CPRA, Schrems II, and iOS.