A majority of the United States population uses a smartphone that can download mobile applications (apps). Apps are usually obtained by going to an app store, searching for an app, and downloading the one of your choice. Depending on the app developer's business model, the app can be free, paid after an initial trial period, or sold outright for commercial purposes. Mobile app EULAs raise some unique issues in the areas of "privacy" and "advertising." Privacy issues can be categorized as follows:
(a) Finance related app privacy issues.
(b) Healthcare related app privacy issues in the form of HIPAA.
(c) Technology related app privacy; and
(d) Advertising by the app developer or third parties.
(a) Finance related app privacy issues: Financial apps provided by financial organizations such as banks (the BOA, Chase, Capital One, Citibank, American Express, US Bank and Wells Fargo apps, etc.) and insurance company service apps fall under the Gramm-Leach-Bliley Act (GLBA), while organizations that make lending decisions based on information entered into their app, consumer reporting agencies, and information collected through a landlord's tenant-screening app fall under the Fair Credit Reporting Act (FCRA). The Federal Trade Commission (FTC) enforces these laws, and under Section 5 of the FTC Act it also acts against "unfair or deceptive acts or practices in or affecting commerce." Enterprise-level financial institutions have an internal department that manages these issues through coordination between privacy lawyers and the I.T. team. Under GLBA a financial institution must give app users a privacy notice and an opportunity to opt out before it shares their nonpublic personal information with nonaffiliated third parties, and it cannot describe its data practices in a deceptive manner.
(b) Healthcare related app privacy issues in the form of HIPAA: Some healthcare apps help individuals reach desired goals by providing information about a health condition or general wellness information, such as tracking calories burned while exercising or the number of miles walked. These general wellness apps do not fall under the jurisdiction of the Food and Drug Administration (FDA). Other apps act as "medical devices" by providing diagnosis, prevention, treatment or mitigation of a disease or condition. Apps that perform or replicate the function of a medical device are regulated by the FDA as devices and may require premarket clearance or approval before release. Separately, an app that handles protected health information on behalf of a covered entity (a provider or health plan) is a business associate under HIPAA and must sign a business associate agreement and meet the HIPAA privacy and security rules.
(c) Technology related app privacy: Companies that create apps for their own services also need to be aware of a few federal rules and of the European Union's General Data Protection Regulation (GDPR). Under the Children's Online Privacy Protection Act (COPPA), an app that collects personal information from children under the age of 13 must first obtain verifiable parental consent (for example, by having the parent authenticate with a password and approve the collection). The GDPR requires that apps handling the personal data of people in the EU, even when operated outside the EU, store and share that data only on a lawful basis and with appropriate safeguards for transfers out of the EU. The EU-US Privacy Shield was a framework under which US companies self-certified compliance with EU privacy rules for such transfers; it was invalidated by the Court of Justice of the EU in 2020, so transfers now rely on its successor, the EU-US Data Privacy Framework, or on standard contractual clauses.
(d) Advertising by the app developer or third parties: Under FTC guidelines, the description of an app in the app store and the developer's public statements about it constitute advertising and must be truthful and not misleading. Explicit (affirmative express) permission from the app user is required before personal information such as precise geolocation (for example, the user's position inside a mall) is shared with a third-party service provider, even when the resulting service benefits the user. The third-party provider collects a great deal of information through the free service it offers the app user. When that provider passes the information on to the app developer or to others so they can market their products to the user more effectively, and the user was never told this would happen, the transaction is deceptive and is therefore a problem under the FTC Act.
The license granted by a mobile app EULA is also typically (i) for a limited purpose, (ii) non-transferable, (iii) non-exclusive, and (iv) non-sublicensable. Other EULA terms, such as the allocation of risk between developer and user, depend on the nature of the app service, its location, its customer base, and similar factors.