Lesson 1: Interaction between privacy laws and other regulatory regimes (consumer protection, advertising rules, telecoms) relevant to mobile apps

This section explores how privacy rules intersect with consumer protection, adtech, and telecom regulations, explaining how mobile tracking, in-app ads, dark patterns, and carrier or messaging rules create combined compliance and enforcement risks for apps used in Botswana.

Consumer protection standards for mobile UX
Adtech tracking, SDKs, and profiling limits
Dark patterns and manipulative consent flows
Telecom and messaging confidentiality rules
Platform and app store policy interactions

Lesson 2: Data subject rights: access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making

This section explains GDPR and CCPA style user rights for mobile apps, including access, correction, deletion, restriction, portability, objection, and automated decision-making rights, plus how to build scalable in-app request workflows suitable for Botswana users.

Access and correction workflows in apps
Erasure, restriction, and retention conflicts
Data portability formats and delivery options
Objection and opt‑out of profiling or ads
Rights around automated decisions and appeals

Lesson 3: Cross-border data transfer frameworks: EU adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), and transfer impact assessments

This section examines cross-border data transfer tools for mobile apps, including EU adequacy, SCCs, BCRs, derogations, and transfer impact assessments, and explains how to map data flows and manage vendor and cloud provider risks in a Botswana context.

Mapping international data flows for mobile apps
Using SCCs with vendors and cloud providers
Binding Corporate Rules for global app groups
Adequacy decisions and local storage options
Conducting and documenting TIAs for transfers

Lesson 4: Overview of federal U.S. privacy frameworks relevant to mobile apps (COPPA, HIPAA context, FTC Act authority) and identifying state laws to prioritize (California CCPA/CPRA)

This section maps key U.S. federal privacy tools affecting mobile apps, including COPPA, HIPAA, and FTC Act authority, and explains how to triage overlapping state privacy laws, with emphasis on California’s CCPA and CPRA obligations applicable to Botswana developers.

COPPA scope and child‑directed mobile services
HIPAA applicability to health and wellness apps
FTC Act Section 5 unfair and deceptive practices
Overview of CCPA/CPRA rights and duties
State privacy law trendspotting beyond California

Lesson 5: Core GDPR principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality

This section unpacks core GDPR principles and how they guide mobile app design, explaining lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limits, and security, with practical examples for product teams in Botswana.

Lawfulness, fairness, and transparency basics
Purpose limitation and compatible reuse tests
Data minimization in feature and SDK choices
Accuracy, retention rules, and deletion logic
Integrity, confidentiality, and security by design

Lesson 6: Transparency obligations: information to be provided (privacy notices), layered notices, timing, and language considerations for app users

This section details how to design clear, layered privacy notices for mobile apps, covering mandatory disclosures, just-in-time prompts, UX placement, language and localization, and update practices that regulators expect for informed user decisions in Botswana.

Mandatory content of mobile privacy notices
Layered and just‑in‑time notice techniques
Placement in app stores and in‑app flows
Plain language, localization, and accessibility
Updating notices and communicating changes

Lesson 7: Lawful bases for processing under GDPR and U.S. analogues: consent, contractual necessity, legitimate interests, vital interests, legal obligation

This section analyzes GDPR lawful bases and their U.S. counterparts, explaining when to rely on consent, contract, legitimate interests, vital interests, or legal obligation in mobile apps, and how to document and defend each choice in practice for Botswana apps.

Choosing the appropriate lawful basis per feature
Consent versus contractual necessity in apps
Legitimate interests assessments and balancing
Vital interests and legal obligation in practice
U.S. analogues: notice, choice, and fairness

Lesson 8: Consent requirements for mobile apps: granular, unbundled, freely given, affirmative action, and recordkeeping; age verification and parental consent issues

This section covers valid consent for mobile apps under GDPR and U.S. expectations, including granularity, unbundling, affirmative action, withdrawal, records, and specialized flows for age gates, teen users, and parental authorization in Botswana.

Granular and unbundled consent architecture
Affirmative action and avoiding pre‑ticked boxes
Consent withdrawal and preference centers
Consent logging and audit‑ready records
Age gates, COPPA, and parental verification

Lesson 9: Key definitions and scope: personal data, special categories, profiling, automated decision-making, controller vs processor, joint controllers, representative in the EU

This section clarifies key GDPR definitions and territorial scope for mobile apps, including personal data, special categories, profiling, automated decisions, controller versus processor roles, joint controllership, and EU representative duties relevant to Botswana.

Personal data and pseudonymization in practice
Special categories and sensitive app data
Profiling and automated decision‑making tests
Controller, processor, and joint controller roles
EU representative and DPO triggers for apps