California Attorney General Kamala D. Harris today announced a crackdown on mobile application developers and companies that haven’t posted privacy policies, at least where users can easily find them.
The attorney general is giving recipients 30 days “to conspicuously post a privacy policy within their app that informs users of what personally identifiable information about them is being collected and what will be done with that private information,” according to a prepared statement.
A sample letter defines the issue at hand. “An operator of a mobile application (“app”) that uses the Internet to collect PII is an “online service” within the meaning of CalOPPA. An app’s commercial operator must therefore conspicuously post its privacy policy in a means that is reasonably accessible to the consumer. Having a Web site with the applicable privacy policy conspicuously posted may be adequate, but only if a link to that Web site is ‘reasonably accessible’ to the user within the app.”
The AG’s office didn’t specify companies but said “the letters will be sent out to up to 100 non-compliant apps at this time, starting with those who have the most popular apps available on mobile platforms.”
The news service Bloomberg reports that United and Delta airlines and the online reservations site OpenTable are among the targeted companies receiving notices they are in violation of the state’s privacy protocol for mobile applications released in February.
California is at the vanguard of states requiring privacy policies for mobile applications, acknowledging the growing shift in consumer use of mobile devices such as smartphones and tablets.
Apple, Amazon, Google, Facebook, Microsoft, Research in Motion and HP earlier agreed to let users review app privacy policies before they are downloaded and to post data collection guidelines in a consistent place in accordance with California’s Online Privacy Protection Act.
“The letters are the first step in taking legal action to enforce the California Online Privacy Protection Act, which requires commercial operators of online services, including mobile and social apps, which collect personally identifiable information from Californians to conspicuously post a privacy policy,” according to the statement.
“Privacy policies are an important safeguard for consumers. Privacy policies promote transparency in how companies collect, use, and share personal information. Companies can face fines of up to $2,500 each time a non-compliant app is downloaded.”