It’s no secret that apps run our lives. The advancement of mobile technologies has opened the gates to a plethora of goods and services, now easily available at our fingertips. With the increased use of smart devices and accessing the internet through them (56% as of 2021), app development has evolved into an attractive market. However, not many are aware of the legalities involved in app development, specifically when it comes to data privacy.
Nevertheless, WhatsApp confirmed and assured the consumers on the continuation of end-to-end encryption of the regular chats sent via the App. Lastly, the changes brought along severe privacy concerns for the consumers which resulted in their change of preference to other similar Apps, such as Signal or Telegram. The trade in was easily motivated by better privacy assurances on the part of these less commercialized Apps.
But is there a trite law regarding these Apps? The answer varies according to multiple contingencies. All Apps receive, collect, and use data. Such usage regimes are pre agreed by the consumers via the clickwrap agreements. Voluntary disclosure of data keeps the Apps aside from otherwise heavy litigation.
The drawback is that many jurisdictions have little normative or procedural history in dealing with similar issues. We have found the most prominent examples in the practice of the US Courts.
As the Ninth Circuit held in Nguyen vs. USA, “[T]he onus must be on website owners to put users on notice of the terms to which they wish to bind consumers”. In Michael Rodman vs. Safeway Inc., the Court held: “The safeway.com agreement did not give Safeway the power to bind its customers to unknown future contract terms, because consumers cannot assent to terms that do not yet exist. A user confronting a contract in which she purports to agree to terms in whatever form they may appear in the future cannot know to what she is are agreeing.”
The approach of such judiciary practice tends to uniformly imply that the online environments need to be reasonable, understandable and easily accessible to all consumers, not only to the ones who are familiar with the data and tech ecosystems.
In 2019, the data protection authority in Hamburg, Germany, notified Facebook of their intention to make use of the GDPR Art. 66, which allows a national agency to order data processing to stop if there is “an urgent need to act in order to protect the rights and freedoms of data subjects”. The action came in response to Facebook manually reviewing certain Google Assistant consumers’ audio snippets.
In the case of WhatsApp, however, what changed the App’s position towards its intended change of terms was less the regulation; such a shift was commercially driven by the hypothesis of losing consumers (users). Ideally, it should be the regulatory environment to buffer any unreasonable changes in terms, not the loss of profit associated with the terms.
Finally, given that not all Apps are notorious and exposed to the public eye (such as Whatsapp), it is our recommendation that consumers should be able to assess a few simple elements before using such “unsanctioned” Apps. This would safeguard, at least until the time that uniform regulation is enacted, their interests; by this, they may investigate how an app uses data, if it transfers it in different jurisdictions, if is uses secure encryption and related technology, if the App is run by a legitimate company or corporate set up, if it profiles consumers etc. Overall, few simple steps that would help mitigate the detritus of the online ecosystems.
 No. 07-30197, Plaintiff-Appellee,D.C. No.v.CR-05-00270-05-RSL, https://law.justia.com/cases/federal/appellate-courts/ca9/07-30197/07-30197-2011-02-25.html, [last accessed on January 31 2021]
 ORDER GRANTING PLAINTIFF’S MOTION FOR PARTIAL SUMMARY JUDGEMENT; SETTING CASE MANAGEMENT CONFERENCE, Re: ECF Nos. 171 & 173., JON S. TIGAR, District Judge, https://scholar.google.com/scholar_case?case=5925834191658507423&hl=en&as_sdt=6&as_vis=1&oi=scholarr [last accessed on January 31 2021]