On September 15, 2021, the Federal Trade Commission issued a Policy Statement to clarify the scope of the FTC’s Health Breach Notification Rule as it relates to health apps and connected devices.
Continue Reading FTC Issues Guidance Clarifying Scope of Its Health Breach Notification Rule for Health Apps and Connected Devices
Mobile Device
FTC Bans Stalkerware App Company from the Surveillance Business and Orders Company to Delete Any Illegally Collected Information
On September 1, 2021, the FTC banned the operator of a stalkerware app company and its CEO from offering, promoting, selling or advertising any surveillance app, service or business, alleging that the app allowed purchasers to illegally surveil other individuals by monitoring their device activity without their knowledge. …
Continue Reading FTC Bans Stalkerware App Company from the Surveillance Business and Orders Company to Delete Any Illegally Collected Information
Dutch DPA Fines TikTok 750,000 EUR for Transparency Violations
On July 22, 2021, the Dutch Data Protection Authority announced that it had imposed a 725,000 EUR fine on TikTok for violating the privacy of young children, namely for the company’s alleged lack of transparency.
Continue Reading Dutch DPA Fines TikTok 750,000 EUR for Transparency Violations
Google to Prevent App Developers from Using Advertising ID for Any Purpose Following User Opt-Out
On June 3, 2021, Google informed app developers that beginning in late 2021, when Android 12 OS users opt out of personalized ads, the advertising ID provided by Google Play services will not be made available to app developers for any purpose.
Continue Reading Google to Prevent App Developers from Using Advertising ID for Any Purpose Following User Opt-Out
Google Play to Require Android App Data Privacy and Security Disclosures
Google has announced that beginning in the second quarter of 2022, developers submitting new apps and app updates to the Google Play store will be required to disclose certain information regarding their apps’ data collection, use, sharing and security practices, as well as provide a privacy policy for their apps.
Continue Reading Google Play to Require Android App Data Privacy and Security Disclosures
CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants
The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its response to the European Data Protection Board consultation on draft guidelines on virtual voice assistants. The Guidelines were adopted on March 12, 2021 for public consultation.
Continue Reading CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants
Belgian Constitutional Court Annuls Data Retention Framework for Electronic Communications Data
On April 22, 2021, the Belgian Constitutional Court annulled the framework set forth by the Law of 29 May 2016 requiring telecommunications providers to retain electronic communications data in bulk. …
Continue Reading Belgian Constitutional Court Annuls Data Retention Framework for Electronic Communications Data
Apple’s ATT Framework to Go Into Effect April 26, 2021
Apple has announced that its AppTracking Transparency Framework will go into effect starting April 26, 2021, along with the upcoming public release of iOS 14.5, iPadOS 14.5 and tvOS 14.5.
Continue Reading Apple’s ATT Framework to Go Into Effect April 26, 2021
China Issues Provisions on the “Scope of Necessary Personal Information Required for Common Types of Mobile Internet Applications”
The Cyberspace Administration of China has released Provisions on the “Scope of Necessary Personal Information Required for Common Types of Mobile Internet Applications.” The Provisions generally are consistent with the draft version previously issued for public comments on December 1, 2020 and include additional details, as well as new provisions relating to ticketing applications (e.g., those for purchasing seats at performances).
Continue Reading China Issues Provisions on the “Scope of Necessary Personal Information Required for Common Types of Mobile Internet Applications”
EDPB Releases Guidelines on Virtual Voice Assistants
On March 12, 2021, the European Data Protection Board (“EDPB”) published its Guidelines 01/2021 on Virtual Voice Assistants for consultation (the “Guidelines”). Virtual voice assistants (“VVAs”) understand and execute voice commands or coordinate with other IT systems. These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands. In addition, VVAs require a terminal device equipped with a microphone and transfer data to remote service. These activities raise compliance issues under both the General Data Protection Regulation (“GDPR”) and the e-Privacy Directive.
Continue Reading EDPB Releases Guidelines on Virtual Voice Assistants