29 June 2019
A push notification is a message from an app that pops up at random times on a mobile device.
They're typically formatted like mobile alerts and text messages, and pop up regardless of whether a user is actually within the app at the time or not.
Push notifications are intended to provide an enhanced user experience after downloading an app. For example, downloading a sports app and allowing push notifications will give you notifications of things like score updates and final game scores. Weather app push notifications can let you know if a dangerous weather event has suddenly started in the area you're in.
Here's an example of a push notification from H&M that encourages a user to shop for boots to go with a jacket she recently bought via the H&M app:
Here's one from KAYAK that lets a user know that the price just dropped on a flight he's watching.
Push notifications can let users know when others have interacted with their social media accounts by liking photos or leaving comments, as seen in this Android push notification from Luca.
All iOS apps are required to have a user opt in to receive push notifications, such as by tapping "OK" in the example push notification request seen here:
Android and Fire OS don't require a user to opt in to receiving these notifications from apps.
The short answer is yes.
In April of 2013, the Federal Trade Commission (FTC) released an update to their existing COPPA FAQ. In the older version, there was a differentiation between what information apps could use to send push notifications without it qualifying as being "personal information."
If anonymous screen names and usernames were used to send the push notifications, this wouldn't count as personal information, even where these push notifications included advertising, collecting and using of information.
The FTC said that this would constitute "performing network communications," "maintaining or analyzing the function of the web site or online service," and "supporting internal operations" and would not necessarily rise to the level of counting as the use of "personal information."
The update to the FAQ changes this and makes things so that if you use any information (including anonymous screen names and usernames) to send push notifications, it is considered as the use of "personal information."
Apple's iOS Developer Program License Agreement (PLA) states that all iOS apps must comply with all applicable privacy laws and regulations in any jurisdictions where your app may be offered.
It also states: "You and the Application must comply with all applicable privacy and data collection laws and regulations with respect to any collection, use or disclosure of user or device data."
"You agree that if you use the Store to distribute Products, you will protect the privacy and legal rights of users. If the users provide you with, or your Product accesses or uses, user names, passwords or other login information or personal information, you must make the users aware that the information will be available to your Product, and you must provide a legally adequate privacy notice and protection for those users."
Push notifications are an effective method for reaching and engaging with your users. This has led to a number of third party push notification delivery system companies being created to help apps deliver push notifications to their users.
These third parties each have their own Privacy Policies and requirements when it comes to user privacy and handling push notifications.
OneSignal's Terms of Service has a section about Consumer Control & Opt-Out Options. Users are informed that they "may in most cases opt out of receiving push notifications by going to your device "Settings" and clicking on "Notifications," and then changing those settings for some or all of the apps on your device."
CleverTap's Terms of Service has a section about "Data Collection." This section thoroughly outlines restrictions, limitations and requirements on how user personal information must be dealt with. The very first sentence states that "each Party will comply with applicable laws, including applicable privacy laws."
Firebase is a popular web and mobile app development platform powered by Google. To use Firebase, developers must agree to be bound by the Google APIs Terms of Service agreement and the Google API Services: User Data Policy.
The Google APIs Terms of Service requires that developers:
The Google API Services: User Data Policy goes into more detail about what's expected when it comes to how user data and personal information is to be handled. You must:
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.