Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

California AG Puts Mobile App Developers on Notice

Posted in Mobile, Privacy Policies, United States

California Attorney General Kamala Harris has formally warned 100 app developers that their apps are not in compliance with the California Online Privacy Protection Act (OPPA).  Harris has given these developers 30 days to come into compliance by “conspicuously post[ing] a privacy policy within their app that informs users of what personally identifiable information about them is being collected and what will be done with that private information.”  Harris’s press release also noted that “[c]ompanies can face fines of up to $2,500 each time a non-compliant app is downloaded.”  (The list of developers that received warnings has not been made public.)

Although a recent study showed that app developers increasingly are transparent about their data practices, many still are struggling to find ways to disclose material information to users in the limited space available on mobile devices.  As we noted last week, regulators and industry groups currently are working on different approaches intended to address this issue.  One potential approach–which the FTC and Attorney General Harris support–is the development of privacy “nutrition labels” that would present essential terms in much the same way that the food industry presents nutrition information on packages.  Industry groups, on the other hand, seem more focused on developing privacy icons that would work similarly to the now-ubiquitous AdChoices Icon.

Attorney General Harris has made mobile privacy a top priority for her office.  Earlier this year, she announced an agreement with leading providers of mobile app marketplaces — including Amazon, Apple, and Google — under which those companies committed to require app developers to post privacy policies within their apps in accordance with the OPPA.  Shortly thereafter, Harris launched a “Privacy Enforcement and Protection Unit” that would focus on the enforcement of California’s privacy laws.