Internet Law

Online Privacy, Mobile Apps, Privacy Policies, Terms and Conditions

All mobile app developers are faced with growing legal and business challenges if they sell their services to California residents. And who doesn’t sell in California? Led by Grant | Shenon partner Adam Grant, our Mobile App Practice Group provides mobile app developers with comprehensive legal services, protections, and solutions in order to easily sell their online services in California.Websites and mobile apps should use effective terms of use and privacy policy statements that address the business’ consumer base and privacy practices. These policies must comply, or the business may be liable for significant statutory penalties and attorneys’ fees.

A privacy policy is a legal instrument or statement that explains to the user how the organization collects, stores, uses and distributes the user’s information (such as name, password, phone number, age, medical information, address, credit history, etc) and how it is subject to the users’ privacy controls. Special privacy policies are sometimes required for children by some states, including California. The Health Insurance Portability and Accountability Act (HIPAA) requires written notice of the privacy policies of healthcare service providers. The law in California is perhaps the most comprehensive and includes the California Privacy Rights Act of 2020 (CPRA) and the Children’s Online Privacy Protection Act (COPPA).

With mobile application privacy concerns on the rise, enforcement of existing online privacy protection laws is increasing. Businesses and organizations developing mobile apps must ensure their programs are in compliance with new California compliance regulations and laws, including the acts mentioned above and the California’s Online Privacy Protection Act (CalOPPA).

Privacy Certification Programs

One way that organizations can test and publicly showcase their compliance with the law is through certification programs. These programs are examples of industry self-regulation. One of these programs is called TrustArc. This organization offers a TRUSTe certification and helps others to assess their privacy practices. It helps them to identify and remediate their activities and ultimately receive the seal of certification.

Using TrustArc, privacy leaders are empowered to navigate through complexity, and simplify and embed privacy into the DNA of their organizations. They are able to understand requirements quickly, plan and prioritize intelligently, act rapidly, and measure and deliver ongoing results that demonstrate proactive privacy, governance, risk and accountability management. (

Our cyber law attorneys are tech-forward and often early adopters of new technology and apps.  We can help you work with certification organizations like TrustArc, eTrust, and Webtrust.  We love to encourage and facilitate app creation and can provide full support to your organization in the following areas:Mobile App Services include:

Speech and Website Protections

A fairly misunderstood area of law is Section 230 of the Communications Decency Act of 1996 (47 U.S.C. §230). This law affords immunity to certain websites from harmful speech. While protecting freedom of expression and speech, it also allows for a fair amount of harmful speech and misinformation by giving certain types of websites (including Facebook, Twitter, YouTube, Vimeo, and Amazon, among others) immunity for objectionable content. The fear is that without this law, there would be innumerable lawsuits and it would drive websites out of business. In order to determine if your organization is immunized by this federal law, please contact one of our attorneys today. We would be honored to help you!