June 18, 2019

June 18, 2019

Subscribe to Latest Legal News and Analysis

June 17, 2019

Subscribe to Latest Legal News and Analysis

Privacy Tip #177 – What is Session Replay Technology?

This week, I learned a new thing. Many things actually, but one, in particular, that was really eye-opening for someone who has been a privacy professional for as long as I have.

Session replay technology. I had never heard of it before. I found out about it because Apple is now telling its app developers that they have to disclose the use of session replay technology in order to be included in the app store. So this requirement by Apple piqued my interest.

Session replay technology is used by companies such as Glassbox, a customer experience analytics firm, to allow app developers to get real-time analytics on how users interact with apps by using session replay technology. This means that the technology is embedded in the app and allows the developers to record the screen of the cellphone while the user is using the app and they later play the recording back to see how the user interacted with the app. The technology allows the app developer to record and playback every tap, keyboard entry, and swipe of the user. This is effectively a real-time screenshot of the user’s screen while the user is using the app.

Most apps don’t tell you if they are using session replay technology in their Privacy Policy. Apple felt strongly enough about the privacy implications of the use of session replay technology that it is telling developers to either remove the use of the session replay technology or properly disclose it to users. According to Apple, “Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”

Name brands use session replay technology and are recording users’ every move on their screens. Although we continue to recommend that users read companies’ privacy policies before download an app, in this case, privacy policies do not include the use of session replay technology and Apple has come to the consumers’ rescue.

Copyright © 2019 Robinson & Cole LLP. All rights reserved.


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...