10/31/2012
10:25 AM

California Targets Mobile Apps For Missing Privacy Policies

Mobile app developers that don't post conspicuous online and in-app privacy policies will face a $2,500 fine per download.

Mobile app developers, beware: California is set to begin fining mobile app developers that release apps that lack a clear -- and easily accessible -- privacy policy.

The state's Attorney General, Kamala D. Harris, this week began notifying numerous businesses that collectively develop as many as 100 different mobile apps that they're currently breaking the California Online Privacy Protection Act -- a.k.a. CalOPPA -- by not having such privacy policies in place. In letters dated Oct. 29, the businesses were informed that they have "30 days to conspicuously post a privacy policy within their app that informs users of what personally identifiable information about them is being collected and what will be done with that private information," according to a statement released by Harris's office.

Violators will face fines of up to $2,500 for every non-compliant app that gets downloaded. "Protecting the privacy of online consumers is a serious law enforcement matter," said Harris in a statement. "We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California's privacy laws."

According to Harris's office, the California Online Privacy Protection Act "requires commercial operators of online services, including mobile and social apps, which collect personally identifiable information from Californians, to conspicuously post a privacy policy." To help enforce those privacy protections, the state's Attorney General recently added a new privacy enforcement and protection unit.

Businesses that received the state's privacy-warning letters this week included the airlines Delta and United Continental, as well as OpenTable, reported Bloomberg.

Delta spokeswoman Chris Kelly Singley confirmed by email that "we have received the letter from the Attorney General and intend to provide the requested information." Likewise, United spokeswoman Mary Clark said via email that the company is "taking all steps necessary and appropriate to ensure compliance with California law as it relates to our mobile app." She also noted that United's customer privacy policy, available on its website, details the types of personally identifiable information that the company collects, as well as for what purpose, although that privacy policy currently makes no reference to any mobile app.

OpenTable didn't immediately respond to an emailed request for comment.

Under California law, businesses that have been notified that they're violating the state's privacy policy have 30 days to post a conspicuous privacy policy both online and in their mobile apps. In the warning letter sent by the California Attorney General's office, notified businesses were told that they must also respond, within 30 days, with details of their "specific plans and timeline to comply" with the state's privacy law, or else provide an explanation for why the business believes its app isn't covered by the law.

Harris first began warning businesses that their mobile apps had to comply with the state's privacy law in February, when she announced that as part of a legal settlement, the six businesses with the largest mobile app distribution platforms -- Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research In Motion -- had agreed to a set of privacy principles, which include allowing consumers to review the privacy policy for any app before they download it. At the time, according to Harris, a majority of apps lacked any privacy policy. In June, meanwhile, Facebook announced that it would also abide by those mobile-app privacy principles.

When it comes to protecting consumer privacy, California continues to be on the leading edge, and its efforts have had influence far beyond the state's borders. Notably, the state was the first to pass mandatory data-breach-notification legislation, via S.B. 1386. That law requires any business that experiences a breach to notify affected state residents, unless the breached data was encrypted. But the alerts also helped residents of other states learn about breaches that may have involved their personal information. California's law also became the model for other states, almost all of which now have data-breach notification requirements in place. In contrast, Congress has been unable to pass a national data breach notification law.

[Editor's note: Story updated 11:45 a.m. 10/31 to add comment from United.]

Comments
wht,
User Rank: Strategist
11/1/2012 | 7:53:23 PM
re: California Targets Mobile Apps For Missing Privacy Policies
US Congress is the most inept government group we have to put up with. Everything is late, stonewalled, or watered down to pacify lobby interests. It's more than party politics that corrupts the process in the US Senate and House. California is a leader in consumer legislation, but sometimes it seems Calif has gone overboard in their haste to legislate.