Lesson 1: How privacy laws interact with consumer protection, advertising, and telecom rules for mobile apps
This part looks at how privacy rules interact with consumer protection, ad technology, and telecom rules. It explains how mobile tracking, in-app advertising, deceptive designs, and carrier or messaging rules create compliance and enforcement risks.
Consumer protection rules for mobile user experience
Ad technology tracking, software development kits (SDKs), and limits on user profiling
Deceptive designs and manipulative ways to get consent
Telecom and messaging confidentiality rules
How platform and app store policies interact

Lesson 2: User rights: access, correction, deletion, restriction of use, portability, objection, and rights regarding automated decisions
This part explains user rights such as those in GDPR and CCPA for mobile apps. It covers access, correction, deletion, restriction of use, portability, objection, and rights regarding automated decisions. It also shows how to build easy in-app ways to handle these requests.
Ways to access and correct data in apps
Deletion, restriction, and retention without conflicts
Data portability formats and methods
Objecting and opting out of profiling or ads
Rights regarding automated decisions and ways to appeal

Lesson 3: Cross-border data transfer mechanisms: EU adequacy decisions, Standard Contractual Clauses, Binding Corporate Rules, and transfer risk assessments
This part looks at tools for cross-border data transfers in mobile apps. It includes EU adequacy decisions, Standard Contractual Clauses, Binding Corporate Rules, exceptions, and transfer risk assessments. It explains how to map data flows and handle risks from vendors and cloud services.
Mapping cross-border data flows for mobile apps
Using Standard Contractual Clauses with vendors and cloud services
Binding Corporate Rules for global app teams
Adequacy decisions and data localization
Conducting and documenting Transfer Impact Assessments

Lesson 4: Main U.S. federal privacy rules for mobile apps, such as COPPA, the HIPAA context, and FTC Act authority, and choosing which state laws to focus on, such as California's CCPA/CPRA
This part maps key U.S. federal privacy tools for mobile apps, including COPPA for children, HIPAA for health, and FTC Act authority. It explains how to sort out overlapping state privacy laws, focusing on California’s CCPA and CPRA duties.
COPPA scope and services for children on mobile
HIPAA applicability to health and wellness apps
FTC Act Section 5 on unfair and deceptive practices
Overview of CCPA/CPRA rights and duties
Spotting trends in state privacy laws beyond California

Lesson 5: Main GDPR principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, security and confidentiality
This part breaks down the main GDPR principles and how they guide mobile app development. It explains lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, and security, with real examples for product teams.
Basics of lawfulness, fairness, and transparency
Tests for purpose limitation and safe data reuse
Data minimization in features and SDK choices
Accuracy, retention rules, and deletion steps
Safety, privacy, and security by design

Lesson 6: Transparency duties: information to provide, such as privacy notices, layered notices, timing, and language for app users
This part details how to write clear, layered privacy notices for mobile apps. It covers what must be disclosed, timely prompts, placement in the user experience, language and localization, and the update practices that regulators expect so that users can make informed choices.
What must be in mobile privacy notices
Layered and timely notice methods
Placement in app stores and in-app flows
Plain language, localized versions, and easy access
Updating notices and communicating changes

Lesson 7: Legal bases for processing under GDPR and U.S. equivalents: consent, contractual necessity, legitimate interests, vital interests, legal obligation
This part looks at GDPR legal bases and their U.S. counterparts. It explains when to use consent, contractual necessity, legitimate interests, vital interests, or legal obligation in mobile apps, and how to document and defend each choice in practice.
Picking the right legal basis per feature
Consent vs. contractual necessity in apps
Assessing and balancing legitimate interests
Vital interests and legal obligation in practice
U.S. counterparts: notice, choice, and fairness

Lesson 8: Consent requirements for mobile apps: granular, separate, freely given, affirmative action, and record-keeping; age verification and parental consent issues
This part covers valid consent for mobile apps under GDPR and U.S. expectations. It includes granularity, separation, affirmative action, withdrawal, record-keeping, and special steps for age verification, young users, and parental consent.
Granular and separate consent setup
Affirmative action and avoiding pre-checked boxes
Consent withdrawal and preference centers
Logging consent and audit-ready records
Age verification, COPPA, and parental verification

Lesson 9: Key definitions and scope: personal data, special categories, profiling, automated decisions, controller vs. processor, joint controllers, EU representative
This part clarifies key GDPR definitions and scope for mobile apps. It includes personal data, special categories, profiling, automated decisions, controller vs. processor roles, joint control, and EU representative duties.
Personal data and de-identification in practice
Special categories and sensitive app data
Tests for profiling and automated decisions
Controller, processor, and joint controller roles
EU representative and data protection officer triggers for apps