Google Introduces ‘Checks’ for Privacy Compliance in Android and iOS Apps

essidsolutions

Google’s internal incubator Area 120 has developed a new solution to achieve privacy compliance in Android and iOS devices. Checks, the latest project, aims to eliminate the ever-increasing complexities of adhering to many data protection regulations emerging globally.

Application development has to abide by compliance laws that govern how user data is collected/processed by applications in a particular country or a region. Google or Area 120’s Checks is explicitly designed for application developers, whether Android or iOS, to make their work a tad easier.

The platform itself is driven by artificial intelligence (AI), which offers visibility into an app’s data collection, storage, and sharing behaviors. It also flags potential non-compliance with GDPR and CPRA by applications.

Checks is the brainchild of Nia Castelly, co-founder & legal lead, and Fergus Hurley, co-founder & GM of Checks. Hurley has been working at Google in various capacities since 2013 after RadiumOne acquired his photo-sharing platform Focal Labs. Castelly, an experienced intellectual property litigation attorney, has also been at Google since 2014 in different legal roles.

Privacy laws are commonly available in the public domain. So why the need for a new platform to ensure adherence to rules? Hurley and Castelly wrote, “We’ve heard developers say it’s difficult to keep pace with regulatory and app store policy changes, and determine how those changes apply to their apps.”

“Checks helps developers gain confidence to make informed decisions by identifying potential compliance issues, providing clear actionable insights in simple language, and offering links to relevant resources.”

Google Checks for Privacy Compliance | Source: Google, Area 120

The present-day privacy landscape requires businesses to adhere to data protection laws in the regions where they operate. Regulations such as the European Union’s General Data Protection Regulation (GDPR) are steadily taking shape worldwide.

The California Privacy Rights Act (CPRA), Australia’s Privacy Amendment (Notifiable Data Breaches) to the Privacy Act, Turkey’s Law on Personal Data Protection (LPDP), and South Korea’s Personal Information Protection Act are among many regional laws that have mandated greater accountability on the part of organizations or independent app vendors.

Brazil has also amended its constitution to make data protection a fundamental right, thus giving teeth to its Lei Geral de Proteção de Dados Pessoais (LGPD) or General Personal Data Protection Law for stringent enforcement.

Over half a dozen other countries, including India, China, Canada, Israel, Chile, and more, are in various stages of introducing their respective privacy laws.

Other countries, such as Japan, are two steps ahead because, besides having a recognized data privacy law, they also have something called ‘reciprocal adequacy’ to recognize the equivalency of each other’s privacy laws. This eliminates the need for instituting additional protections for cross-border data transfers between the EU and Japan.

The EU and Japan, however, maintain friendly trade and administrative relations, and the same cannot be said of many other countries. This is why organizations or apps cutting across borders will continue to face a complicated reality that is circumscribed by the interoperation, or lack thereof, between the privacy laws of the respective countries.

Area 120 said they worked closely with 40 early adopters and have listened to feedback from hundreds of app developers.

Developers can request early access to Checks. The platform has four tiers: Free, Core ($249 per month), Premium ($499 per month), and Enterprise.

Each offers a different set of functionalities from the following: analysis of app privacy policy, permissions, network traffic, and software development kits (SDKs), regional compliance monitoring, identifying gaps in upcoming compliance requirements, automatic monitoring of data sharing practices, dedicated expert for a compliance review, code-level analysis, and natural language processing (NLP) analysis, among others.

Setting up an account is pretty straightforward and requires a Google account. Google will verify user access before performing app analysis, for which the developer needs to enter the app package name. Area 120 said Checks does not share app reports and data with the Google Play team.

Presently, Checks incorporates privacy rules of the EU, the United States, Brazil, and Google Play Store Developer Policies. The timeline for the addition of more regulations is unclear.
