The Children’s Advertising Review Unit recently settled with TickTalk Tech, LLC over its information collection practices. CARU, a self-regulatory body that reaches voluntary settlements with companies, conducts regular audits of privacy practices by companies in the child space. During one such audit, it identified concerns over TickTalk Tech’s kids smart watch, TickTalk4.
Continue Reading Smart Watch Maker Settles with CARU Over Privacy Policy and Parental Consent

The Digital Advertising Accountability Program, which enforces privacy principles for digital advertising, issued a compliance warning to advertisers regarding device fingerprinting. This warning is worth keeping in mind, since the “fingerprinting” practice is rising in more and more industries.
Continue Reading DAA Issues Warning On Device Fingerprinting

Google Play’s “data safety form” is now live. Developers can now submit the form for early review and feedback. Starting in April 2022, Google will require this label and a privacy policy for all new and existing apps. This is similar to Apple. Before, only apps that collected personal and sensitive user data needed to share a privacy policy in Google’s store.
Continue Reading Google’s Privacy “Data Safety” Form Is Now Available

Apple has issued new guidelines for apps that let people create accounts. The guidelines will require these apps to give people a way to delete their accounts. This requirement is broader than CCPA and GDPR deletion rights, as it applies to all users (not just those from specific territories). The requirements go into effect for submissions starting January 31, 2022.
Continue Reading Apple To Require Ability to Delete Accounts In-App

New York City recently amended its law governing third party delivery services, with the changes going into effect December 27, 2021. The revised law specifically permits restaurants to ask for customers’ personal information from the delivery service. The delivery service, in turn, must tell consumers about the potential sharing “in a conspicuous manner” on its website and give people the ability to opt-out of such sharing.  That notice needs to indicate that the person’s information will be shared with the restaurant, and needs to identify the restaurant.
Continue Reading Impact of NYC’s New Delivery Service Data Sharing Requirement

As discussed in our sister blog, CARU’s revised Ad Guidelines go into effect on January 1, 2022. While the core principles of the guidelines have not changed, they now include new content to account for today’s advertising environment. Several modifications are important to keep in mind for those who collect information from children.
Continue Reading The Impact of the CARU Advertising Guidelines Change On Privacy

Google recently announced that beginning next year it will require Android mobile apps to provide privacy disclosures. These disclosures will live in a new “safety section” in Google Play. The requirements include disclosing:

  • What information the app collects and how information is used;
  • How the app protects information and if it uses encryption;
  • If information is shared and if users have a choice about sharing;
  • If users can request data deletion; and
  • If the disclosures made in the safety section have been verified by an independent third party.

Continue Reading Time to Update Your Privacy Disclosure Creation Checklists? Google Will Add to Mobile Privacy Disclosure Requirements

As of this week, Apple’s requirements for apps to follow its AppTrackingTransparency are now in effect. These requirements went hand-in-hand with the iOS 14.5 launch, and impacts how an app can track users and access their advertising device IDs. In particular, consumer consent is now required if the app collects consumer information and shares it with others “for purposes of tracking across apps and web sites.” Apple has provided developers with specific implementation steps, which will be reviewed when apps are submitted to Apple for approval. As part of the submission, companies need to explain why they want to track users, as required under Apple’s guidelines.
Continue Reading Apple’s App Tracking Transparency Now In Effect

As many who have been tracking CCPA are aware, the law requires training employees who handle consumer inquiries, and ensuring that employees understand how to help consumers exercise their rights. Since most of those rights requests are arriving by web page, email, and phone, it is unlikely that rights requests will slow in the face of COVID-19. Indeed, it is possible that they may increase. Employees will thus still need training, something many companies had anticipated doing in-person.

CoronavirusContinue Reading Turn On the Camera Part Three: Fulfilling CCPA Training Obligations in the Face of COVID-19

As we get settled into the reality of living with both CCPA and GDPR, companies are looking for new approaches for keeping their privacy houses in order. CCPA reminds us that there is no end to new legislation: proposals are already coming in from states as varied as Nebraska, New Hampshire and Virginia. Similar legislative trends exist around the globe. How can companies be prepared to address this ever shifting legislative landscape? There are a few essential steps privacy officers can take, including (1) aligning the privacy team’s efforts with the underlying corporate mission, (2) having a clear understanding of both the company’s data and its use practices, and (3) having infrastructure in place that will allow for updates to notices and rights.
Continue Reading Getting Prepared for a Decade of Privacy