On April 16, 2020, the European eHealth Network published a common EU Toolbox for the use of contact tracing and warning apps in response to the coronavirus pandemic. The Toolbox is part of the common EU coordinated approach to using COVID-19 mobile apps. The Toolbox was accompanied by guidance from the European Commission on data protection and privacy aspects of the use of such apps.
Continue Reading EU Publishes Common Toolbox and Data Protection Guidance on Tracing Apps to Fight COVID-19

On May 6, 2019, the FTC announced that three dating apps were removed from the Apple App Store and Google Play Store following an FTC letter alleging that the apps potentially violated the Children’s Online Privacy Protection Act and the Federal Trade Commission Act.
Continue Reading Dating Apps Warned of Potential COPPA and FTC Act Violations Removed from App Stores

On August 30, 2018, Apple announced a June update to its App Store Review Guidelines that will require each developer to provide its privacy policy as part of the app review process and include in such policy specific content requirements. Effective October 3, 2018, all new apps and app updates must include a link to the developer’s privacy policy before they can be submitted for distribution to users through the App Store or through TestFlight external testing.
Continue Reading Apple to Require Privacy Policies for All New Apps and App Updates

On July 19, 2018, the French Data Protection Authority announced that it served a formal notice to two advertising startups headquartered in France, FIDZUP and TEEMO. Both companies collect personal data from mobile phones via software development kit tools integrated into the code of their partners’ mobile apps—even when the apps are not in use—and process the data to conduct marketing campaigns on mobile phones.
Continue Reading CNIL Serves Formal Notice to Marketing Companies to Obtain User’s Consent for Processing Geolocation Data for Ad Targeting

Recently, Iowa and Nebraska enacted information security laws applicable to personal information. Iowa’s law applies to operators of online services directed at and used by students in kindergarten through grade 12, whereas Nebraska’s law applies to all businesses doing business in Nebraska who own or license Nebraska residents’ personal information.
Continue Reading Iowa and Nebraska Enact Information Security Laws