One of the often overlooked legal aspects of developing and marketing apps relates to complying with the necessary privacy regulations. Often, independent developers of apps overlook the fact that the process of downloading involves more than just focusing on creating profitable design elements, entertaining game play and using appropriate source code. It also involves accumulating private data about the users.

The following are five common questions that relate to a range of apps, from video games to informational and social media, from mobile applications to business-related software.

Privacy Protections for Developers FAQ

1. What data relating to users am I allowed to keep?
The answer to this initially concerns two different issues: (1) what is the prevailing law in the jurisdiction that governs the particular download, and (2) what is contained in the terms and conditions, privacy policy and other documentation relating to that download? Unfortunately, a robust set of terms and conditions is not always sufficient to protect against a violation of the privacy laws and regulations in all the relevant jurisdictions.

For example, the European Union’s General Data Protection Regulations (GDPR) that were implemented in May of 2018 have a multi-layered set of restrictions that concern digital privacy applicable to apps. Even the most well-crafted terms and conditions are not certain to address all those requirements, and even if they do, other jurisdictions may have additional restrictions that apply.

2. Are there any special categories that I need to be particularly focused on in terms of collecting private data?
In short, yes; there are many categories of information as to which you need to be particularly focused. An obvious example would be children. There are special laws that prohibit the collection of data regarding minors that do not apply to adults. For example, the Children’s Online Privacy Protection Act (COPPA) regulations impose requirements on the operators of websites, apps, and other online services with respect to the personal data they collect from those under the age of 13. It should be noted that there are a number of revisions and enhancements to COPPA that are currently under consideration.

3. What laws or regulations govern privacy policies and activities related to the use of online data?
There are a number of laws that concern the promulgation and enforcement of digital privacy policies. They include the previously-referenced Children’s Online Privacy Protection Act (COPPA), as well as the European Union’s EU-U.S. Privacy Shield Framework. It should be noted that the latter not only applies internationally, but also impacts the United States, since U.S.-based websites can generally be accessed by European Union citizens. In addition, if the app relates to financial transactions, that may also implicate the requirements of the Fair Credit Reporting Act and the Gramm-Leach-Bliley Act (GLBA). In addition to all this, it is critical for a webmaster to comply with its own website’s privacy policy, regardless of the prevailing statutory and regulatory framework.

4. Is there any way to protect against a violation of digital privacy laws and regulations, generally?
Not really. Whether one is purchasing the app through Google Play, Apple/iOS or some other platform—and whether that download is being effectuated in one jurisdiction or another—there is no one-size-fits-all solution. As stated, the various jurisdictions have enacted such a diverse set of such restrictions that privacy practices need to be customized to the specific uses and governing laws and regulations.

5. What does the future hold with regard to the problems inherent in collection of private digital data?
While it is impossible to know for sure, one thing is absolutely clear: the present state of affairs is completely untenable. As stated above, there are so many overlapping and contradictory requirements for providing notice to the public about compliance with privacy regulations; storing the data itself; and avoiding the resulting penalties for violating those confusing and conflicting requirements, that it is self-evident something needs to be done.

The most obvious approach would be to effectuate a worldwide digital treaty that would not only be binding upon states, provinces and other governmental subdivisions, but also be adopted by the national governments themselves. The aim would be to create a comprehensive set of requirements for downloading and storing private data. It remains to be seen whether we shall see actual progress along those lines.

Publications & Presentations

Gary D. Nissenbaum, Esq.

• Augmented Reality: Gotta Protect That IP, by Gary D. Nissenbaum, Esq. and Laura J. Magedoff, Esq., Apptentive, September 22, 2016
• Profiled in: Gary D. Nissenbaum: Ace Gaming Attorney, by David Radd, Gamesauce, September 10, 2016
• The Increasing Pace of Digital Change: Why Does Our Culture Always Seem so Blindsided?, Huffington Post, August 4, 2016
• The Intriguing Legal Ramifications of Pokémon GO, BrettTerpstra.com, July 25, 2016
• Potential Legal Approaches to a Cyberbullying (Co-author), The Young Lawyer, American Bar Association Young Lawyers Division, 2013
• Receiving Classified Information: Government Secrecy and the Litigation Process(Co-author), NJ Lawyer Magazine, October 2009
• Wrongful Posting on the Internet: The Privacy You Save Could be Your Own, NJ Lawyer Magazine, April, 2008

• 3/1/18 Interview of Mr. Nissenbaum, Systematic, “The Psychodynamics of Lawyering with Gary Nissenbaum”
• 1/22/18 Interview of Mr. Nissenbaum, Game Dev Unchained, “The Indie Legal Guide With Gary Nissenbaum”
• 11/21/17 Interview of Mr. Nissenbaum, Gamesindustry.biz Podcasts, “Licensing Your Intellectual Property”
• 11/3/17 Interview of Mr. Nissenbaum, Developer Tea Podcast, “The Future (and Past) of Legal for Developers w/Gary Nissenbaum (part 1)”
• 11/3/17 Interview of Mr. Nissenbaum, Developer Tea Podcast, “The Future (and Past) of Legal for Developers w/Gary Nissenbaum (part 2)”
• 10/19/17 Interview of Mr. Nissenbaum, Complete Developer Podcast, “Developers and the Law”
• 10/13/17 Interview of Mr. Nissenbaum, Hansel Minutes Podcast, “Latest Developments in App and Website Law Regarding Clickable Terms and Conditions”

Laura J. Magedoff, Esq.

• Augmented Reality: Gotta Protect That IP, by Gary D. Nissenbaum, Esq. and Laura J. Magedoff, Esq., Apptentive, September 22, 2016
• Potential Legal Approaches to a Cyberbullying Case (Co-author), The Young Lawyer, American Bar Association Young Lawyers Division, 2013
• New York County Lawyer's Association, EMIPS Committee Comments to New York State Bar Association Report of the Privacy Task Force, Contributing Author, March 2009
• It's All Smoke and Mirrors: State Smoking Bans and Theatrical Performances, AACT Spotlight, November, December 2008
• Wrongful Posting on the Internet: The Privacy You Save Could be Your Own, NJ Lawyer Magazine, April, 2008

• Panelist, Intellectual Property Protection & Enforcement, New Jersey Bar Association Annual Conference, Atlantic City, NJ, May 2017
• Presented Seminar, 2014 Trademark Primer: Prosecution & Enforcement Strategies Every Attorney Should Know, NJICLE, New Brunswick, NJ, November 2013
• Presented Seminar, Entertainment Law: A Crash Course in Representing Entertainers & Other "Personalities" for Every Attorney, NJICLE, New Brunswick, NJ, September 2013
• Presented Seminar, Entertainment Law 101, National Business Institute, Newark, NJ, March 2013
• Presented Seminar, Theatre and the Law, American Association of Community Theatre National Convention, New York, NY, July 2012
• Panelist, Emerging Issues in Reality Television, Seton Hall Law School Sports and Entertainment Law Symposium, Newark, New Jersey, March 2012
• Panelist, Empower - I Create Nothing. I Own it: A Panel about Establishing and Protecting your Intellectual Property as a Business Asset, New Jersey Association of Women Business Owners' Annual Conference, New Brunswick, New Jersey, October 2010
• Moderator, Engage - The most Powerful Commodity I know is Information, New Jersey Association of Women Business Owners' Annual Conference, New Brunswick, New Jersey, October 2010
• Panelist, Casino Law 2010: Game On!, 2010 South CLEFest, Atlantic City, NJ, August 2010
• Presented Seminar, Protecting Your Online Image, Various 2009-Present
• Presented Seminar, Comedy and Drama: The Legal Aspects of Community Theatre, American Association of Community Theatre National Convention, New York, NY, July 2008