How Should Developers Create Privacy Protections for Downloaded Apps?
How can businesses launch a video game or social media app that will successfully navigate the minefield of privacy laws and regulations?
One often-overlooked legal aspect of developing and marketing apps is compliance with the necessary privacy regulations. Independent app developers frequently overlook the fact that offering an app for download involves more than creating profitable design elements, entertaining gameplay and appropriate source code. It also involves accumulating private data about the users.
The following are five common questions that relate to a range of apps, from video games to informational and social media, from mobile applications to business-related software.
Privacy Protections for Developers FAQ
1. What data relating to users am I allowed to keep?
The answer to this initially concerns two different issues: (1) what is the prevailing law in the jurisdiction that governs the particular download, and (2) what is contained in the terms and conditions, privacy policy and other documentation relating to that download? Unfortunately, a robust set of terms and conditions is not always sufficient to protect against a violation of the privacy laws and regulations in all the relevant jurisdictions.
For example, the European Union’s General Data Protection Regulation (GDPR), implemented in May of 2018, has a multi-layered set of restrictions concerning digital privacy that apply to apps. Even the most well-crafted terms and conditions are not certain to address all those requirements, and even if they do, other jurisdictions may have additional restrictions that apply.
2. Are there any special categories that I need to be particularly focused on in terms of collecting private data?
In short, yes; there are many categories of information on which you need to be particularly focused. An obvious example would be children. There are special laws that prohibit the collection of data regarding minors that do not apply to adults. For example, the Children’s Online Privacy Protection Act (COPPA) regulations impose requirements on the operators of websites, apps, and other online services with respect to the personal data they collect from those under the age of 13. It should be noted that there are a number of revisions and enhancements to COPPA that are currently under consideration.
3. What laws or regulations govern privacy policies and activities related to the use of online data?
There are a number of laws that concern the promulgation and enforcement of digital privacy policies. They include the previously-referenced Children’s Online Privacy Protection Act (COPPA), as well as the European Union’s EU-U.S. Privacy Shield Framework. It should be noted that the latter not only applies internationally, but also impacts the United States, since U.S.-based websites can generally be accessed by European Union citizens. In addition, if the app relates to financial transactions, that may also implicate the requirements of the Fair Credit Reporting Act and the Gramm-Leach-Bliley Act (GLBA). In addition to all this, it is critical for a webmaster to comply with its own website’s privacy policy, regardless of the prevailing statutory and regulatory framework.
4. Is there any way to protect against a violation of digital privacy laws and regulations, generally?
Not really. Whether one is purchasing the app through Google Play, Apple/iOS or some other platform, and whether that download is being effectuated in one jurisdiction or another, there is no one-size-fits-all solution. As stated, the various jurisdictions have enacted such a diverse set of restrictions that privacy practices need to be customized to the specific uses and governing laws and regulations.
5. What does the future hold with regard to the problems inherent in collection of private digital data?
While it is impossible to know for sure, one thing is absolutely clear: the present state of affairs is completely untenable. As stated above, there are so many overlapping and contradictory requirements for providing notice to the public about compliance with privacy regulations; storing the data itself; and avoiding the resulting penalties for violating those confusing and conflicting requirements, that it is self-evident something needs to be done.
The most obvious approach would be to effectuate a worldwide digital treaty that would not only be binding upon states, provinces and other governmental subdivisions, but also be adopted by the national governments themselves. The aim would be to create a comprehensive set of requirements for downloading and storing private data. It remains to be seen whether we shall see actual progress along those lines.
Looking for advice?
We're here to help.
Contact the Nissenbaum Law Group to schedule an appointment at 908-686-8000 or feel free to use the following form to e-mail us. Please include as much information as you can to ensure that we are able to handle your request as quickly as possible.