California attorney general issues guidance on how app developers can better protect consumer privacy
Attorney General Kamala D. Harris today issued recommendations for mobile application (app) developers and the mobile industry to safeguard consumer privacy. Today’s report provides guidance on developing strong privacy practices, translating these practices into mobile-friendly policies, and coordinating with mobile industry actors to promote comprehensive transparency.
“Californians want to know what personal information their apps collect, how it is used and with whom it is shared,” said Attorney General Harris. “To meet this need and keep pace with rapidly changing technology, these recommendations strike a responsible balance between protecting consumers’ personal information and fostering the continued growth of the innovative app economy.”
Today’s report, Privacy on the Go: Recommendations for the Mobile Ecosystem, is the result of an outreach effort that compiled input from stakeholders throughout the mobile industry. Its purpose is to serve as a template for the mobile industry to develop mobile-friendly privacy policies and practices that will improve consumer privacy without stifling innovation. To accommodate the smaller screens of mobile devices, the report recommends the use of special notifications such as icons, or pop-up notifications to inform consumers about how personally identifiable information is being collected and shared.
The issue of mobile privacy is increasingly pressing as more than half of American adult cell phone owners access the Internet from their phones, and more than 1,600 mobile apps are released every day.
To protect consumers’ online privacy, Attorney General Harris forged an agreement among the seven leading mobile and social app platforms in 2012. The agreement – with Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft and Research in Motion – involved displaying app privacy policies that users could find in a consistent location in the platform store and review before downloading an app.
In October 2012, the Attorney General sent letters to approximately 100 mobile app developers and companies that were not in compliance with the California Online Privacy Protection Act and gave 30 days to post a conspicuous privacy policy. In December, the Attorney General filed the first legal action against Delta Airlines, Inc. for violating California’s online privacy law, which requires apps that collect personally identifiable information to conspicuously post a privacy policy.
Last year, Attorney General Harris also established the Privacy Enforcement and Protection Unit to enforce federal and state privacy laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. This includes California’s Online Privacy Protection Act, as well as laws relating to cyber privacy, health and financial privacy, identity theft, government records and data breaches.
A copy of the report is available here: http://oag.ca.gov/sites/all/files/pdfs/privacy/privacy_on_the_go.pdf
To learn more about the Attorney General’s privacy work, visit http://oag.ca.gov/cybersafety.