The role of COVID-19 contact tracing apps in the exit strategy of the current lockdown that is gripping much of the world is increasingly becoming a focus of attention. While that role is being hotly debated, it is very likely that those apps in combination with other measures will be deployed across many countries. Until now and despite the calls by influential bodies such as the European Data Protection Supervisor for a coordinated approach to the development of single COVID-19 mobile app involving the World Health Organization, different countries have adopted their own strategies.
On Tuesday, October 30, the California Attorney General Kamala Harris announced that her office has begun “formally notifying” mobile device application (“app”) operators that they are out of compliance with the notice provisions of the California Online Privacy Protection Act of 2003 (“CalOPPA”). The letters are a reminder that app developers and their partners should review their app data privacy and security practices and ensure that any apps collecting PII comply with the CalOPPA requirements, as well as other applicable Federal and state laws.
Following up on a public workshop held earlier this year, today the Federal Trade Commission (FTC) issued a set of truth-in-advertising and privacy guidelines for mobile device application (app) developers. Titled “Marketing Your Mobile App: Get it Right From the Start,” the guidelines provide an overview of key issues for all app developers to consider.
Comments filed recently with the Federal Communications Commission (FCC) show a deep divide over whether the agency should pursue further action to address privacy and security of information stored on mobile devices. Reply comments are due soon.
The FTC yesterday issued a staff report calling upon members of the mobile app ecosystem to provide better privacy notices to parents about mobile apps directed to children. The report is described in this blog entry.
The trend towards dismissal for lack of standing in privacy cases where no concrete harm is alleged continues. On a motion to dismiss, a group of consolidated privacy lawsuits against Apple and others in the Northern District of California have been dismissed for lack of standing due to the absence of any allegation of concrete injury. The court rejected attempts to invent new damage theories and while leave to re-file was granted, the court made clear the high standards of pleading required for standing and also highlighted the other pleading defects in the case that would be disabling were the plaintiffs to try again.