Following the launch of its mHealth Developer Portal last October, the HHS Office for Civil Rights has released guidance clarifying how HIPAA applies to mobile health apps. Ensuring that developers understand their legal obligations is critical to protecting consumer privacy and security, especially now that there are more than 165,000 health apps available in the iTunes and Android app stores. A more clear understanding of how the rules apply can also help bring down barriers to innovation.
The HHS Office for Civil Rights has launched an online portal designed to solicit questions from mHealth developers regarding compliance with HIPAA privacy and security requirements. The portal is designed to demystify HIPAA for app developers while providing guidance to regulators about which aspects of HIPAA may require clarification.
The Consumer Financial Protection Bureau is exploring how consumers—particularly members of economically vulnerable and underserved communities—are using mobile technology to access financial services and manage personal finances. In a Request for Information announced earlier this week, the CFPB notes that a large percentage of unbanked and underbanked consumers, many of whom are low-income, have access to mobile phones, a significant number of which are smartphones, and that accessing financial products, services, and financial management tools via mobile devices has the potential to empower consumers to take more control over their financial lives, to increase savings and reduce debt.
The Federal Trade Commission (“FTC”) has settled with two mobile application developers, Fandango and Credit Karma, over charges that they misrepresented the security of their mobile applications. According to the FTC, the developers failed to provide reasonable and appropriate security when their mobile applications transmitted consumers’ sensitive information. The particular issues noted by the FTC in its complaints against the developers differ to some degree, but the complaints share a common thread: the developers disabled the Secure Sockets Layer (SSL) protocol, which authenticates and encrypts communications across networks. In our post, we provide a high-level description of how SSL works, summarize the FTC’s complaints against Fandango and Credit Karma, and identify some important takeaways from these settlements.
In a decision with important implications for companies that hire outside marketing firms, a federal judge has certified a class of nearly 60,000 individuals who allegedly received an unsolicited text message from a marketing company hired by Stonebridge Life Insurance Company. The plaintiff in Lee v. Stonebridge Life Insurance Company and Trifecta Marketing Company, LLC, 3:11-cv-00043 (N.D. […]
Today the FTC released Mobile Privacy Disclosures: Building Trust Through Transparency, a report containing recommendations for the mobile industry. The report encourages mobile app platforms to play a significant role in providing consumers with privacy-related information, devoting more pages to recommendations for platforms than it does for developers, ad networks, third-party service providers, and trade […]
James Denvil, an associate in our Washington office, contributed to this entry. This week, Washington lawmakers and California’s Attorney General focused their attention on mobile privacy. The Senate Judiciary Committee is considering a measure that would establish legal requirements for apps that collect or share location information from mobile devices. A Democratic congressman released for […]
On Tuesday, October 30, the California Attorney General Kamala Harris announced that her office has begun “formally notifying” mobile device application (“app”) operators that they are out of compliance with the notice provisions of the California Online Privacy Protection Act of 2003 (“CalOPPA”). The letters are a reminder that app developers and their partners should review their app data privacy and security practices and ensure that any apps collecting PII comply with the CalOPPA requirements, as well as other applicable Federal and state laws.
On October 11, 2012, the U.S. Government Accountability Office (GAO) issued a report titled “Mobile Device Location Data: Additional Federal Actions Could Help Protect Consumer Privacy.” Requested by Sen. Al Franken (D-MN), the Report recognizes the efforts of Federal agencies to protect consumer privacy when using mobile devices but calls for additional action
Following up on a public workshop held earlier this year, today the Federal Trade Commission (FTC) issued a set of truth-in-advertising and privacy guidelines for mobile device application (app) developers. Titled “Marketing Your Mobile App: Get it Right From the Start,” the guidelines provide an overview of key issues for all app developers to consider.
Comments filed recently with the Federal Communications Commission (FCC) show a deep divide over whether the agency should pursue further action to address privacy and security of information stored on mobile devices. Reply comments are due soon.
Two recent federal cases alleging privacy violations in the mobile context have been allowed to proceed based on novel damages allegations. The long-standing presumption that mere exposure of personal data is insufficient for standing and damage actions may become irrelevant if plaintiffs are able to link the exposure to increased costs of device usage.
NTIA has announced that it will hold the first meeting in its long-awaited privacy multistakeholder process on July 12, 2012, focusing on mobile application transparency issues.
Today the Federal Trade Commission (FTC) issued its long-awaited privacy report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers,” which is intended to articulate “best practices” for companies that collect and use consumer data, and to assist Congress as it considers new privacy legislation.
A new agreement this week between mobile app platform operators and the California Attorney General effectively creates enforceable, nationwide mobile app privacy standards that companies will need to follow going forward.
The FTC yesterday issued a staff report calling upon members of the mobile app ecosystem to provide better privacy notices to parents about mobile apps directed to children. The report is described in this blog entry.
A draft bill circulating on the Hill would impose new regulations on companies involved in the mobile “app” ecosystem, including wireless service providers, equipment manufacturers, device retailers, operating system providers, website operators, and other online service providers.
This blog entry describes and links to articles from today’s Wall Street Journal and New York Times concerning the proliferation of appps (at the expense of software manufacturers) and the issue of app privacy, and how industry is addressing it. Hogan Lovells’ Chris Wolf is quoted in the Times article on how app developers should invest in creating privacy policies as a fundamental requirement, and a free webinar on app privacy hosted by the Mobile Marketing Association in conjunction with the Future of Privacy Forum is described, with a registration link.