Apple is days away from releasing the public version of iOS14.5, which will bring a seismic shift in the way the operating system functions with respect to privacy. In particular, the operating system introduces two major changes.

The first change is a requirement that all apps must include a privacy nutrition label within the App Store that helps users better understand the app developer’s privacy practices prior to download (this feature is actually already live). The second change is a requirement that all apps that use information for tracking purposes must obtain opt-in consent from the user prior to engaging in such tracking.

As a privacy lawyer in the ad tech space, I’ve been closely watching the dialogue around iOS14 since these changes were unveiled at WWDC last June, and I thought it would be helpful to provide my thoughts on these changes. This post reflects my own opinion, and not those of the firm or anyone else.


Continue Reading iOS 14.5: An Imperfect Step Forward for Privacy

On April 29, 2020, Google and Apple released the first version of their COVID-19 contact tracing tools to public health organizations. The tools, first announced by the companies on April 10th, aim to help public health agencies build apps to track and contain the virus. This article discusses how the contact tracing tools work, the planned two-phase implementation for the tools, and some of the privacy questions around the tools.

How Do the Tools Work?

“Contact-tracing” is not a new concept. The concept is that a society can limit the spread of a virus by tracing whom a person who has tested positive with a virus has recently come in contact with, and notifying those individuals to further prevent the spread of the virus. For example, if John tests positive for the virus and visits a grocery store, part of the contact tracing process would be to find and notify those individuals who came close to him in the grocery store. As you can imagine, contact tracing has historically been a laborious and inaccurate process that requires a manual review of an infected person’s interactions.

Google and Apple’s partnership aims to dramatically improve the contact tracing process by using Bluetooth technology within an infected person’s cell phone to determine whom the person has interacted with and notifying those other people. The partnership is particularly notable because it involves the creation of shared standards between two tech giants that rarely allow for any interoperability. Below is an example of how the tools work:
Continue Reading Google and Apple Release First Version of Contact Tracing Tools

Over the last few months, we’ve witnessed some major developments around SDKs and privacy. In February, the SDK defendants named in the consolidated McDonald/Rushing putative COPPA class action settled with plaintiffs. In late March, Zoom experienced a PR nightmare due, in part, to its inclusion of the Facebook SDK in its platform (discussed further in our Zoom blog). In mid-April, the Ninth Circuit reinstated a lawsuit against Facebook for alleged privacy violations in connection with its use of tracking technologies on third party websites. And this past Wednesday, the US District Court for New Mexico granted a motion to dismiss, the privacy claims against ad networks providing SDKs in child-directed apps.

In this blog, we’ll break down the New Mexico District Court order, and provide some observations from the decision. We are also using this blog as a springboard for a follow-up webinar that will discuss the state of affairs for SDKs and privacy. More to follow on the webinar soon.

  • Background on the New Mexico District Court Case


Continue Reading SDKs and COPPA: An Overview of the Recent Court Order in the New Mexico Attorney General COPPA Lawsuit

For the moment it depends who you ask. In recent weeks, we have heard talk of walls and borders.  But some at the Department of Justice are working to break down barriers and convince the courts that they can gain access to a person’s data regardless of where it is ultimately stored.  In this post I address two recent cases that reached completely different results on whether the government can enforce a warrant that seeks data from a U.S. company but that is stored in a foreign country. 
Continue Reading Blurred Lines: Can the Government Seize U.S. Data Housed in a Foreign Country?