California Targets Mobile Apps For Missing Privacy Policies - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


California Targets Mobile Apps For Missing Privacy Policies

Mobile app developers that don't post conspicuous online and in-app privacy policies will face $2,500 fine per download.

10 Best Apps For the Samsung Galaxy Note
10 Best Apps For the Samsung Galaxy Note
(click image for larger view and for slideshow)
Mobile app developers, beware: California is set to begin fining mobile app developers that release apps that lack a clear -- and easily accessible -- privacy policy.

The state's Attorney General, Kamala D. Harris, this week began notifying numerous businesses that collectively develop as many as 100 different mobile apps that they're currently breaking the California Online Privacy Protection Act -- a.k.a. CalOPPA -- by not having such privacy policies in place. In letters dated Oct. 29, the businesses were informed that they have "30 days to conspicuously post a privacy policy within their app that informs users of what personally identifiable information about them is being collected and what will be done with that private information," according to a statement released by Harris's office.

Violators will face fines of up to $2,500 for every non-compliant app that gets downloaded. "Protecting the privacy of online consumers is a serious law enforcement matter," said Harris in a statement. "We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California's privacy laws."

According to Harris's office, the California Online Privacy Protection Act "requires commercial operators of online services, including mobile and social apps, which collect personally identifiable information from Californians, to conspicuously post a privacy policy." To help enforce those privacy protections, the state's Attorney General recently added a new privacy enforcement and protection unit.

[ A lot of attention is being paid to apps. Read Popular Android Apps Vulnerable. ]

Businesses that received the state's privacy-warning letters this week included the airlines Delta and United Continental, as well as OpenTable, reported Bloomberg.

Delta spokeswoman Chris Kelly Singley confirmed by email that "we have received the letter from the Attorney General and intend to provide the requested information." Likewise, United spokeswoman Mary Clark said via email that the company is "taking all steps necessary and appropriate to ensure compliance with California law as it relates to our mobile app." She also noted that United's customer privacy policy, available on its website, details the types of personally identifiable information that the company collects, as well as for what purpose, although that privacy policy currently makes no reference to any mobile app.

OpenTable didn't immediately respond to an emailed request for comment.

Under California law, businesses that have been notified that they're violating the state's privacy policy have 30 days to post a conspicuous privacy policy both online, as well as in their mobile apps. In the warning letter sent by the California Attorney General's office, notified businesses were told that they must also respond, within 30 days, with details of their "specific plans and timeline to comply" with the state's privacy law, or else provide an explanation for why the business believes its app isn't covered by the law.

Harris first began warning businesses that their mobile apps had to comply with the state's privacy law in February, when she announced that as part of a legal settlement, the six businesses with the largest mobile app distribution platforms -- Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research In Motion -- had agreed to a set of privacy principles, which include allowing consumers to review the privacy policy for any app before they download it. At the time, according to Harris, a majority of apps lacked any privacy policy. In June, meanwhile, Facebook announced that it would also abide by those mobile-app privacy principles.

When it comes to protecting consumer privacy, California continues to be on the leading edge, and its efforts have had influence far beyond the state's borders. Notably, the state was the first to pass mandatory data-breach-notification legislation, via S.B. 1386. That law requires any business that experiences a breach to notify affected state residents, unless the breached data was encrypted. But the alerts also helped residents of other states learn about breaches that may have involved their personal information. California's law also became the model for other states, almost all of which now have data-breach notification requirements in place. In contrast, Congress has been unable to pass a national data breach notification law.

[Editor's note: Story updated 11:45 a.m. 10/31 to add comment from United.]

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
11/1/2012 | 7:53:23 PM
re: California Targets Mobile Apps For Missing Privacy Policies
US Congress is the most inept government group we have to put up with. Everything is late, stonewalled, or watered down to pacify lobby interests. It's more than party politics that corrupts the process in the US Senate and House. California is a leader in consumer legislation, but sometimes it seems Calif has gone overboard in their haste to legislate.
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
White Papers
Register for InformationWeek Newsletters
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Flash Poll