Lesson 1: How privacy laws interact with consumer protection, advertising, and telecom rules for mobile apps

This part looks at how privacy rules overlap with consumer protection, online advertising, and telecom law. It explains the compliance risks that arise from mobile tracking, in-app advertising, dark patterns in consent and UX design, and carrier or messaging rules.

- Consumer protection standards for mobile UX
- Adtech tracking, SDKs, and profiling limits
- Dark patterns and manipulative consent flows
- Telecom and messaging confidentiality rules
- Platform and app store policy interactions

Lesson 2: User rights: access, correction, deletion, restriction, portability, objection, and rights against automated decisions

This part explains the GDPR and CCPA user rights that apply to mobile apps: access, correction, deletion, restriction of processing, portability, objection, and rights concerning automated decision-making. It also covers building simple in-app workflows to receive, verify, and fulfil these requests.

- Access and correction workflows in apps
- Erasure, restriction, and retention conflicts
- Data portability formats and delivery options
- Objection and opt-out of profiling or ads
- Rights around automated decisions and appeals

Lesson 3: Cross-border data transfer rules: EU adequacy, Standard Contractual Clauses, Binding Corporate Rules, and transfer risk checks

This part covers the tools for moving personal data across borders from mobile apps: EU adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), the Article 49 derogations, and transfer impact assessments (TIAs). It shows how to map data flows and manage the transfer risks introduced by vendors and cloud services.

- Mapping international data flows for mobile apps
- Using SCCs with vendors and cloud providers
- Binding Corporate Rules for global app groups
- Adequacy decisions and local storage options
- Conducting and documenting TIAs for transfers

Lesson 4: Main US federal privacy rules for mobile apps (COPPA, HIPAA background, FTC powers) and key state laws such as California's CCPA/CPRA

This part outlines the main US federal privacy rules that affect mobile apps, including COPPA for children's data, when HIPAA does and does not apply, and the FTC's enforcement powers. It also shows how to prioritise state laws, especially California's CCPA and CPRA requirements.

- COPPA scope and child-directed mobile services
- HIPAA applicability to health and wellness apps
- FTC Act Section 5 unfair and deceptive practices
- Overview of CCPA/CPRA rights and duties
- State privacy law trendspotting beyond California

Lesson 5: Main GDPR principles: lawful processing, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, security

This part breaks down the core GDPR principles and how they shape mobile app design: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality (security), with practical examples for product and engineering teams.

- Lawfulness, fairness, and transparency basics
- Purpose limitation and compatible reuse tests
- Data minimization in feature and SDK choices
- Accuracy, retention rules, and deletion logic
- Integrity, confidentiality, and security by design

Lesson 6: Transparency duties: what information to give (privacy notices), layered notices, timing, and language for app users

This part explains how to design clear, layered privacy notices for mobile apps: the required content, timely just-in-time prompts, placement in the user interface and app store listings, language and accessibility, and the updates regulators expect when processing changes.

- Mandatory content of mobile privacy notices
- Layered and just-in-time notice techniques
- Placement in app stores and in-app flows
- Plain language, localization, and accessibility
- Updating notices and communicating changes

Lesson 7: Legal grounds for processing under GDPR and US equivalents: consent, contractual necessity, legitimate interests, vital interests, legal obligations

This part reviews the GDPR lawful bases and their closest US analogues, explaining when an app should rely on consent, contractual necessity, legitimate interests, vital interests, or a legal obligation, and how to record and justify the choice for each feature.

- Choosing the appropriate lawful basis per feature
- Consent versus contractual necessity in apps
- Legitimate interests assessments and balancing
- Vital interests and legal obligation in practice
- U.S. analogues: notice, choice, and fairness

Lesson 8: Consent rules for mobile apps: specific, separate, freely given, affirmative, and recorded; age checks and parental consent

This part covers valid consent for mobile apps under GDPR and US rules: granularity, unbundling from other terms, affirmative action, withdrawal, and record-keeping, plus the special flows needed for age verification, younger users, and parental consent.

- Granular and unbundled consent architecture
- Affirmative action and avoiding pre-ticked boxes
- Consent withdrawal and preference centers
- Consent logging and audit-ready records
- Age gates, COPPA, and parental verification

Lesson 9: Key terms and scope: personal data, sensitive data, profiling, automated decisions, controller vs processor, joint controllers, EU representative

This part clarifies the key GDPR terms and scope questions for mobile apps: personal data and pseudonymization, special categories of sensitive data, profiling and automated decision-making, controller and processor roles, joint controllership, and when an EU representative or DPO is required.

- Personal data and pseudonymization in practice
- Special categories and sensitive app data
- Profiling and automated decision-making tests
- Controller, processor, and joint controller roles
- EU representative and DPO triggers for apps