Lesson 1: How Privacy Laws Interact with Other Rules (Consumer Protection, Advertising, Telecoms) for Mobile Apps

This lesson examines how privacy rules intersect with consumer protection, advertising technology, and telecom laws, explaining how mobile tracking, in-app advertising, dark patterns, and carrier or messaging rules combine into compliance and enforcement challenges.

Topics covered:
- Consumer protection standards for mobile user experience
- Adtech tracking, SDKs, and profiling limits
- Dark patterns and deceptive consent flows
- Telecom and messaging privacy rules
- Links between platform and app store policies and privacy obligations

Lesson 2: User Rights: Access, Correction, Deletion, Restriction, Portability, Objection, and Rights on Automated Decisions

This lesson explains GDPR- and CCPA-style user rights for mobile apps, covering access, correction, deletion, restriction, portability, objection, and rights relating to automated decision-making, and how to build workable in-app request handling.

Topics covered:
- Access and correction processes in apps
- Deletion, restriction, and conflicts with data retention obligations
- Data portability formats and delivery options
- Objection and opt-out from profiling or advertising
- Rights on automated decisions and appeals

Lesson 3: Cross-Border Data Transfer Rules: EU Adequacy Decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), and Transfer Impact Assessments

This lesson reviews cross-border data transfer mechanisms for mobile apps, including EU adequacy decisions, SCCs, BCRs, derogations, and transfer impact assessments (TIAs), and shows how to map data flows and manage vendor and cloud provider risk.

Topics covered:
- Mapping international data flows for mobile apps
- Using SCCs with vendors and cloud providers
- Binding Corporate Rules for global app teams
- Adequacy decisions and local storage options
- Conducting and documenting TIAs for transfers

Lesson 4: Overview of US Federal Privacy Rules for Mobile Apps (COPPA, HIPAA Context, FTC Act Authority) and Prioritising State Laws (California CCPA/CPRA)

This lesson maps the key US federal privacy instruments for mobile apps, including COPPA, HIPAA, and FTC Act authority, and explains how to navigate overlapping state privacy laws, focusing on California's CCPA and CPRA obligations.

Topics covered:
- COPPA scope and child-directed mobile services
- HIPAA rules for health and wellness apps
- FTC Act Section 5 unfair and deceptive practices
- Overview of CCPA/CPRA rights and obligations
- State privacy law trends beyond California

Lesson 5: Core GDPR Principles: Lawfulness, Fairness, Transparency, Purpose Limitation, Data Minimisation, Accuracy, Storage Limitation, Integrity and Confidentiality

This lesson breaks down the core GDPR principles and how they shape mobile app design, covering lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, and security, with practical examples for product teams.

Topics covered:
- Lawfulness, fairness, and transparency basics
- Purpose limitation and compatible-reuse checks
- Data minimisation in features and SDK choices
- Accuracy, retention rules, and deletion logic
- Integrity, confidentiality, and security by design

Lesson 6: Transparency Duties: Information to Provide (Privacy Notices), Layered Notices, Timing, and Language for App Users

This lesson details how to produce clear, layered privacy notices for mobile apps, covering required content, timely prompts, placement in the user experience, language and localisation, and the update practices regulators expect for informed user choices.

Topics covered:
- Required content of mobile privacy notices
- Layered and timely notice methods
- Placement in app stores and in-app flows
- Plain language, localisation, and accessibility
- Updating notices and communicating changes

Lesson 7: Legal Bases for Processing under GDPR and US Equivalents: Consent, Contractual Necessity, Legitimate Interests, Vital Interests, Legal Obligation

This lesson examines the GDPR legal bases and their US counterparts, explaining when to rely on consent, contract, legitimate interests, vital interests, or legal obligation in mobile apps, and how to document and defend each choice in practice.

Topics covered:
- Choosing the right legal basis per feature
- Consent vs contractual necessity in apps
- Legitimate interests assessments and balancing
- Vital interests and legal obligation in practice
- US counterparts: notice, choice, and fairness

Lesson 8: Consent Rules for Mobile Apps: Specific, Granular, Freely Given, Affirmative Action, and Record-Keeping; Age Verification and Parental Consent Issues

This lesson covers valid consent for mobile apps under GDPR and US standards, including specificity, granularity, affirmative action, withdrawal, records, and the special processes for age verification, young users, and parental approval.

Topics covered:
- Specific and granular consent design
- Affirmative action and avoiding pre-ticked boxes
- Consent withdrawal and preference centres
- Consent records and audit-ready logs
- Age verification, COPPA, and verifiable parental consent

Lesson 9: Key Definitions and Scope: Personal Data, Special Categories, Profiling, Automated Decisions, Controller vs Processor, Joint Controllers, EU Representative

This lesson clarifies key GDPR definitions and territorial scope for mobile apps, including personal data, special categories, profiling, automated decision-making, controller vs processor roles, joint controllership, and EU representative obligations.

Topics covered:
- Personal data and pseudonymisation in practice
- Special categories and sensitive app data
- Profiling and automated decision checks
- Controller, processor, and joint controller roles
- EU representative and DPO triggers for apps