Daniel Rosenzweig (US)

Subscribe to all posts by Daniel Rosenzweig (US)

Biden restricts U.S. government use of commercial spyware

Governments state that they use commercial spyware exclusively for criminal investigations, but critics claim such spyware has purportedly been used for human rights abuses targeting journalists, human rights defenders, lawyers, and political dissidents.  Moreover, the U.S. Government and its employees have been allegedly targeted by such spyware.  To set an example for governments globally—both authoritarian … Continue reading

HHS: Online trackers without prior authorization and BAAs can violate HIPAA

HHS: Online trackers without prior authorization and BAAs can violate HIPAA By Steve Roosa, Sue Ross, Dan Rosenzweig On the evening of December 1, 2022, the U.S. Department of Health and Human Services (HHS) issued a 12-page Bulletin titled “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates (the “Bulletin”).  In the … Continue reading

California Age-Appropriate Design Code Act

On September 15, 2022, California’s Governor Newsom signed A.B. 2273, known as the California Age-Appropriate Design Code Act (“CADC”).  The law, to be codified at Cal. Civ. §§ 1798.99.28 – 1798.99.40, will go into effect on July 1, 2024, but businesses that will be affected by it will need to be in compliance by that … Continue reading

Google Data Safety Forms must be submitted by July 20, 2022

Google’s Data Safety Forms must be submitted by July 20, 2022. According to Google, failing to post by July 20, 2022 can result in the rejection of new Google Play app submissions. After July 20,200, non-compliant apps could face removal from the Google Play. It’s the business’s job to take ownership over the accuracy of … Continue reading

European rulings on the use of Google Analytics and how it may affect your business

Recent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. … Continue reading

iOS 15 Privacy Report Update and what it means for app owners

As we previously noted, iOS 15 rolled out several privacy-focused measures to users. For example, users may record their app activity and download a report on app metrics from the previous seven days, called the App Privacy Report. These metrics include, for example: 1) when apps access certain permissions on the device (e.g. microphone, location, camera, … Continue reading

Google Play Store Releases Data Safety Form

Android will adopt iOS-like privacy nutrition labels, called the “Data safety form,” starting April 2022. And according to Google, apps that fail to comply with this upcoming requirement may be “subject to policy enforcement, like blocked updates or removal from Google Play.” While it may be tempting to just repurpose the iOS nutrition labels, Google notes … Continue reading

NT Analyzer: Does your app track users that opted-out of tracking?

A transparency-focused privacy software company confirms that some apps are continuing to transmit data despite some users having opted-out of “tracking.” The study tested 10 popular apps and discovered that some continue to track even though those users have “ask[ed] app not to track” when presented with the ATT pop-up. Read Steve Roosa and Daniel … Continue reading

Global Privacy Control Opt-Out of “Sale” – A Technical and Legal Viewpoint

According to the California Attorney General, consumers may now utilize a new technology called the Global Privacy Control (“GPC”) in order to opt out of a “sale” of personal information under the California Consumer Privacy Act (“CCPA”). The GPC, according to its website, was developed by “various stakeholders including technologists, web publishers, technology companies, browser vendors, … Continue reading

Google to nix “GAID” for opted-out users on Android

Steve Roosa and Daniel Rosenzweig report on Google’s recent announcement regarding Android GAID settings. Beginning later in 2021, for Android 12, Android devices will “zero-out” the Google Advertising ID (“GAID”) for users who have opted out of tracking and personalized advertising. (In other words, using the “Opt out of Ads Personalization” settings). Read the full … Continue reading

Navigating Virginia’s new privacy law

Virginia recently enacted its own data protection/privacy law and like its European and Californian predecessors, the technical piece is key. Like the GDPR and CCPA, the Consumer Data Protection Act (“CDPA”), which goes into effect on January 1, 2023, broadly defines “personal data” as “any information that is linked or reasonably linkable to an identified … Continue reading

101 Problems and Schrems Ain’t One

Eureka! After burning the midnight oil, we’ve built an automated scanner to identify and sort the Schrems II risk of data flows for further legal handling. The scanner uses more than 20 different data points derived from network metadata to scan and classify data flows based on mass surveillance risk under the NSA’s so-called “Upstream” … Continue reading

GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019

This is the Data Protection Report’s eighth blog post in series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA. With significant enforcement activity and new laws being enacted or proposed since the start of the year, regulators in the EU and … Continue reading
LexBlog