What is “The Law of the App” and how do you comply with it?

Gaming operators have for years now been grappling with the full spectrum of legal requirements that apply to their online operations. Reputable online operators have, therefore, already developed a great degree of familiarity with issues like data protection, consumer law, advertising law and of course gambling regulation and the way in which these impact their online operations.

However, with more and more operators now launching mobile gaming products (whether native device apps, web-based apps or mobile websites) and with a host of recent developments in this space, from new app store rules through to regulatory investigations, gaming lawyers are increasingly being asked an important question: what specific legal issues apply to mobile gaming products that might not necessarily apply to existing website-based offerings? In other words, is there such a thing as “The Law of the App” and, if so, what steps must operators take to comply with it?

Understanding “The Law of the Platform”

Such is the dominance of a limited number of mobile app platforms like Apple’s iOS and Google’s Android that their rules have become essential reading for any organisation with a mobile strategy.

Effectively enacted via contract law through platform terms and conditions, “The Law of the Platform” can nonetheless have an even greater impact on operators’ products than the overriding legal framework of statute, case law and regulation. Changes to the Apple or Android terms can happen very quickly (and without the political, consultation or legislative processes preceding new laws or regulations). At their most extreme, they can create entirely new opportunities for operators or they can close off valuable revenue streams entirely.

In practice, the key terms that organisations need to focus on are the developer or SDK terms (the terms that much be accepted in order to build an app for the platform in question), approval policies for the app (relevant to Apple’s iOS and others, less so to Android) and the app store terms governing how the app is marketed and sold and how in-app purchases work. These terms are generally available via the platform developer websites, although in some cases the applicable terms can be harder to obtain (for example, a developer account and login may be required for certain Apple terms), in which case lawyers may need to work with developers to get hold of them.

Apple iOS and Android are currently the two dominant platforms and both have recently updated their platform rules specifically in relation to gaming apps.

In August 2013, Apple updated its App Store Guidelines. The rules require that apps offering real-money gaming must have the necessary licences and permissions in the locations in which the app is used and must be restricted to those locations. Real-money gaming apps must also be free and in-app purchases cannot be used as a mechanism to sell credit or currency for use in real-money gaming. Apps that do not meet these requirements will not survive the Apple approval process.

Google, meanwhile, takes a much more restrictive approach. Real-money gambling apps have been banned from Google Play for some time but the rules were recently amended to clarify that this policy extends to “games of skill that offer prizes of cash or other value”. In other words, apps that offer financial (or other) gain through skill gaming will no longer be permitted.

These recent changes underline the fact that product launches or updates always need to be considered with “The Law of the Platform” in mind, and gaming lawyers increasingly need to react quickly to platform changes.

Data and mobile apps

Data protection will of course not be a new issue to online operators but the application of data protection principles to mobile apps is an evolving area and the subject of growing regulatory scrutiny. So what are the key mobile app-specific data protection issues that operators need to be on top of?

The first is in relation to what (and how much) data is captured. Mobile apps, with their access to deeper stores of data, including address book, calendar, location and potentially biometric data, as well as unique device identifiers, enable an even greater level of data capture than websites. The EU’s Article 29 Working Party recently identified a trend towards “data maximisation”, with apps capturing more data than they need. Their report reminded operators of their obligations under EU data protection law (mirrored in many other jurisdictions) to carefully consider which data is strictly necessary.

The Article 29 Working Party also identified a lack of transparency (and an associated lack of free and informed consent from app users) as being a key problem with mobile apps. Device limitations (for example, screen size limitations) can make transparency and consent mechanisms difficult but, according to the Article 29 Working Party, “there is no excuse not to adequately inform end users”. What this means in practice is that “layered” privacy policies, where the initial notice contains the minimum information required by law, with more detailed information available in subsequent layers, and the use of icons, visual and audio aids, become even more important. In many cases, it may be necessary to obtain consent not just at the outset through acceptance of a privacy policy but also through contextual real-time notification (for example, when an app accesses the user’s address book).

These issues underline the importance of working closely with developer teams to establish what data the app is collecting, what it is used for and what the consent mechanisms are, to ensure that consent is obtained in the right way, and to make sure that security procedures meet the requirements of applicable law.

Consumer law

Mobile apps enable a direct interface with the consumer and are therefore subject to the full weight of consumer law. Again, there are some app-specific nuances to consider.

The first obvious issue is the need for an end user agreement. In one respect, this is no different to a website, although again device limitations put a greater pressure on operators to keep things simple when it comes to presentation and acceptance mechanisms. The layering principles described above in the context of privacy policies apply equally here. The Law of the Platform is also relevant here. In the case of Apple, if an app provider does not provide its own end user agreement, then Apple’s own end user agreement applies (and this is unlikely to be sufficient or relevant, particularly in the case of gambling apps). Even if operators do provide their own end users agreement, they will need to include certain Apple-mandated minimum provisions (for example, including Apple as a third party beneficiary). Again, by distributing through an app store operators do have to cede some control to the platforms.

The application of consumer law to apps is also an area of interest to regulators.

In the UK, the Office of Fair Trading recently published its report and consultation into whether children are being unfairly pressured or encouraged to pay for content in app-based games and whether the full cost of the games is made clear when they are downloaded or accessed. It proposed a set of eight industry principles, covering provision of information about the game, the costs and the organisation, separating commercial intent from gameplay, making it clear when payments are and are not required, use of aggressive practices and direct appeals to children and ensuring that payments are authorised.

In the US, the FTC has also been active in this area and we expect to see more regulation and guidance in the coming months and years. There are clearly a number of app-specific requirements for operators to consider here, and that is before one even gets into the ever-popular topic for regulators of whether social gaming itself should be regulated.

Advertising and marketing

Once operators launch their app in an app store, they do of course become an advertiser and must therefore comply with all applicable advertising laws (including gambling-specific advertising laws).

In practice, this includes ensuring that any content (importantly, this includes the “Description” section of the relevant app store or even in the “Reviews” section) needs to be truthful and not misleading and that advertisements for real-money gambling are not aimed at young people and do not leave vulnerable people open to exploitation or harm. In the US, the FTC has taken action against app game developers that engaged in deceptive advertising by getting their employees to pose as consumers posting game reviews in the Apple App Store.

The International Law of the App

App distribution platforms enable apps to be launched on a multi-territorial basis. Whilst this does of course represent a great business opportunity, it also represents a regulatory risk for operators.

This is mostly just a common sense issue: operators need to ensure that it is legal for them to advertise and distribute their app in the markets in which the app is available through the applicable app store.

In the case of real-money gambling, this means ensuring that the app is not advertised, and cannot be downloaded or used, in territories where operation of or participation in real-money gambling is not permitted. In practice, it is possible to control country targeting as part of the process of uploading apps to app stores (although operators may also choose to effect their own geotargeting systems), so this will again be a case of lawyers and technical teams working together to ensure compliance.

The Law of the App: a watching brief for gaming lawyers and developers alike

Launching an app is not just about making available an online product via mobile. It represents a more fundamental shift than that, because it involves moving the means of distribution of the product from “the open internet” into the more controlled environment of a platform ecosystem. Platform rules are shaping and changing business models. There are also some important nuances in the way that wider laws and regulations apply to mobile offerings. With growing regulatory and legislative interest in the area, keeping track of “The Law of the App” is going to be a watching brief for gaming lawyers. The fact that many app-specific issues arise out of the very nature and technical functionality of mobile devices also means that lawyers and technical developers will need to work side-by-side to ensure compliance.

This article was originally published inĀ World Online Gambling Law Report.

Featured image by Chucky_PS.
Matt Pollins

Author: Matt Pollins

Matt is an international technology, media and telecoms lawyer and Head of Commercial and TMT at CMS in Singapore. He supports clients across Asia-Pacific. You can contact Matt via the "Contact" page. Views expressed on Connected Asia are those of the author. Nothing here constitutes legal advice or creates a lawyer-client relationship.

Share This Post On


  1. App-Makers – Watch Out for Privacy! | datonomy, the data protection blog - […] For further information about “the law of the app”, please see my colleague Matt Pollins’s article on the topic…

Submit a Comment

Your email address will not be published. Required fields are marked *