Companies are continuing to find it hard to navigate the legal landscape of website accessibility. Plaintiff’s lawyers argue that “inaccessible” websites or mobile apps fail to comply with the Americans With Disabilities Act or similar state laws. This despite the absence of standards for website accessibility in these laws. Similarly, while the Department of Justice does not have a regulation setting out detailed website accessibility standards, the Department’s position has been that the Americans with Disabilities Act’s general nondiscrimination and effective communication provisions apply to web accessibility.
Mobile Apps Beware!: California AG’s Current Privacy Sweep
The California AG announced an investigative sweep of mobile apps, as we reported in our sister blog. The investigative focus is on companies in the retail, travel and food service industries who may not be complying with the California Consumer Privacy Act (CCPA). As we have written previously, the California law requires entities to provide individuals with a myriad of rights, including as it relates to “sale” of personal information.…
Continue Reading Mobile Apps Beware!: California AG’s Current Privacy Sweep
UK App Code Provides Privacy and Security Compliance Direction
The UK’s new Code of Practice for App Store Operators and App Developers provides companies with privacy-related resources. It also highlights ICO privacy expectations. Participating in the code is done by voluntarily complying with it (it is not mandatory). The UK Department for Digital, Culture, Media, and Sport, though, is not only working with leading companies to participate in the code, but also is looking at whether current laws should be expanded and/or if code participation should become mandatory. …
Continue Reading UK App Code Provides Privacy and Security Compliance Direction
FTC and Other Regulators Continue to Signal Interest in Mobile Health Apps
The FTC is closing out 2022 with additional guidance for mobile health app developers signaling its continued interest in this industry. Since 2021, we have seen several steps from the agency demonstrating a focus on companies that collect health information but may not be a covered entity or business associate under HIPAA. This includes publishing additional resources, releasing commentary broadly interpreting the FTC’s Health Breach Notification Rule, and enforcement activity. Most recently, the FTC and other key regulators updated its “Mobile Health App Interactive Tool”.…
Continue Reading FTC and Other Regulators Continue to Signal Interest in Mobile Health Apps
Google’s Privacy “Data Safety” Form Is Now Available
Continue Reading Google’s Privacy “Data Safety” Form Is Now Available
Apple To Require Ability to Delete Accounts In-App
Apple has issued new guidelines for apps that let people create accounts. The guidelines will require these apps to give people a way to delete their accounts. This requirement is broader than CCPA and GDPR deletion rights, as it applies to all users (not just those from specific territories). The requirements go into effect for submissions starting January 31, 2022.
Continue Reading Apple To Require Ability to Delete Accounts In-App
Time to Update Your Privacy Disclosure Creation Checklists? Google Will Add to Mobile Privacy Disclosure Requirements
Google recently announced that beginning next year it will require Android mobile apps to provide privacy disclosures. These disclosures will live in a new “safety section” in Google Play. The requirements include disclosing:
- What information the app collects and how information is used;
- How the app protects information and if it uses encryption;
- If information is shared and if users have a choice about sharing;
- If users can request data deletion; and
- If the disclosures made in the safety section have been verified by an independent third party.
Continue Reading Time to Update Your Privacy Disclosure Creation Checklists? Google Will Add to Mobile Privacy Disclosure Requirements
FTC Settles with Fertility Tracking App For Alleged Deceptive Data Sharing Practices
The FTC recently settled with Flo Health, Inc., a popular fertility-tracking app, based on promises made about how health data would be shared. In its complaint, the FTC alleged that while Flo promised to keep users’ health data private and only use it to provide the app’s services to users, in fact, health information of over 100 million users was being shared with popular third party companies. Namely, third parties who provided marketing and analytics services to the app.
Continue Reading FTC Settles with Fertility Tracking App For Alleged Deceptive Data Sharing Practices
Apple Privacy Nutrition Labels Effective Starting Next Month
Continue Reading Apple Privacy Nutrition Labels Effective Starting Next Month
EDPB Announces Scope of COVID-19 Guidance
Following its 20th plenary session on April 7, the European Data Protection Board (EDPB) selected geolocation and health data to focus on in its upcoming COVID-19 guidance. This follows in response to the EDPB’s earlier broad statement on the processing of personal data in the context of COVID-19.
Continue Reading EDPB Announces Scope of COVID-19 Guidance
FCC Ruling Helps Clarify What COVID-19 Texts and Calls Are “Emergency” Under TCPA
The FCC recently issued a declaratory ruling explaining what calls and text message alerts it viewed as “emergency” for purposes of the Telephone Consumer Protection Act. Under TCPA, requirements to obtain consent to make certain calls and texts to cell phone numbers do not apply when a message is an “emergency.” Under the FCC’s new ruling, certain calls and texts from government officials and healthcare providers about the COVID-19 pandemic will be viewed as emergency messages.
Continue Reading FCC Ruling Helps Clarify What COVID-19 Texts and Calls Are “Emergency” Under TCPA