Steve Roosa (US)

Subscribe to all posts by Steve Roosa (US)

Google Data Safety Forms must be submitted by July 20, 2022

Google’s Data Safety Forms must be submitted by July 20, 2022. According to Google, failing to post by July 20, 2022 can result in the rejection of new Google Play app submissions. After July 20,200, non-compliant apps could face removal from the Google Play. It’s the business’s job to take ownership over the accuracy of … Continue reading

European rulings on the use of Google Analytics and how it may affect your business

Recent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. … Continue reading

iOS 15 Privacy Report Update and what it means for app owners

As we previously noted, iOS 15 rolled out several privacy-focused measures to users. For example, users may record their app activity and download a report on app metrics from the previous seven days, called the App Privacy Report. These metrics include, for example: 1) when apps access certain permissions on the device (e.g. microphone, location, camera, … Continue reading

Google Play Store Releases Data Safety Form

Android will adopt iOS-like privacy nutrition labels, called the “Data safety form,” starting April 2022. And according to Google, apps that fail to comply with this upcoming requirement may be “subject to policy enforcement, like blocked updates or removal from Google Play.” While it may be tempting to just repurpose the iOS nutrition labels, Google notes … Continue reading

NT Analyzer: Does your app track users that opted-out of tracking?

A transparency-focused privacy software company confirms that some apps are continuing to transmit data despite some users having opted-out of “tracking.” The study tested 10 popular apps and discovered that some continue to track even though those users have “ask[ed] app not to track” when presented with the ATT pop-up. Read Steve Roosa and Daniel … Continue reading

Global Privacy Control Opt-Out of “Sale” – A Technical and Legal Viewpoint

According to the California Attorney General, consumers may now utilize a new technology called the Global Privacy Control (“GPC”) in order to opt out of a “sale” of personal information under the California Consumer Privacy Act (“CCPA”). The GPC, according to its website, was developed by “various stakeholders including technologists, web publishers, technology companies, browser vendors, … Continue reading

Google to nix “GAID” for opted-out users on Android

Steve Roosa and Daniel Rosenzweig report on Google’s recent announcement regarding Android GAID settings. Beginning later in 2021, for Android 12, Android devices will “zero-out” the Google Advertising ID (“GAID”) for users who have opted out of tracking and personalized advertising. (In other words, using the “Opt out of Ads Personalization” settings). Read the full … Continue reading

Navigating Virginia’s new privacy law

Virginia recently enacted its own data protection/privacy law and like its European and Californian predecessors, the technical piece is key. Like the GDPR and CCPA, the Consumer Data Protection Act (“CDPA”), which goes into effect on January 1, 2023, broadly defines “personal data” as “any information that is linked or reasonably linkable to an identified … Continue reading

101 Problems and Schrems Ain’t One

Eureka! After burning the midnight oil, we’ve built an automated scanner to identify and sort the Schrems II risk of data flows for further legal handling. The scanner uses more than 20 different data points derived from network metadata to scan and classify data flows based on mass surveillance risk under the NSA’s so-called “Upstream” … Continue reading

CCPA: “Wait and see” is not the right approach

We are seeing companies use many different approaches to the California Consumer Privacy Act (“CCPA”) compliance, but the “wait and see” approach in particular is not advisable. Companies who want to “wait and see” point to the pending amendments to CCPA that are currently working through the California Senate (as we have previously described—see links … Continue reading

NT Analyzer Blog Series: Why So Many Cookie Policies Are Broken, Part I – HTML5 LocalStorage

Cookies Are One Piece of a Larger Puzzle There has been an odd preoccupation with cookies for some time now—to the exclusion of other forms of browser tracking, some of which are much more flexible and more robust in their data collection capabilities than cookies.  Despite this fact, these other, non-cookie tracking technologies are often … Continue reading

CCPA: “Attorney General Amendment” Likely Dead

This is the Data Protection Report’s ninth blog post in a series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA. On May 16, 2019, the California Senate Appropriations Committee held a hearing that included S.B. 561, the “Attorney General amendment” to the … Continue reading

California Consumer Privacy Act: Disclosure requirements

This is the Data Protection Report’s fourth blog posts in a series of CCPA blog posts that will break down the major elements of the CCPA, which will culminate in a webinar on the CCPA in October. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA. The California Consumer Privacy … Continue reading

California Consumer Privacy Act: GDPR-like definition of personal information

This is the Data Protection Report’s third blog post in a series of CCPA blog posts that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on the CCPA’s broad definition of Personal Information. Stay tuned for additional blogs and information … Continue reading

California Consumer Privacy Act blog series: Covered entities

This is the Data Protection Report’s second post in a series of blog posts that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on covered entities. Stay tuned for additional posts and information about our upcoming webinar on the CCPA. … Continue reading

California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies

This is a Data Protection Report post in a series of blog posts that will break down the major elements of the CCPA. Stay tuned for additional CCPA posts. On June 28, 2018, California lawmakers enacted the California Consumer Privacy Act of 2018 (the “CCPA”) a sweeping, GDPR-like privacy law which is intended to give … Continue reading
LexBlog