California Requires App Makers to Post Privacy Policies

Share this:

California wants privacy policies for mobile apps, declared California Attorney General Kamala D. Harris.  At a press conference in San Francisco, Harris announced that the California Attorney General’s office has struck a deal with Apple, Google, Hewlett-Packard, Microsoft and Research in Motion in which the companies will require mobile app developers to post privacy policies.  This means that many hyperlocal apps that use location data may be required to provide privacy information.

The state’s law already requires online services that collect personal information from users to post their privacy practices conspicuously on their home pages.  “There was a question on whether the privacy rules apply to mobile apps — they do apply to mobile apps,” Harris said.

“The majority of mobile applications do not have privacy policies,” added Harris, “and they’re required to have them.” Harris said most consumers do not understand the breadth and expanse of information that businesses can obtain from consumers’ mobile devices. “What we know is that there are applications, once downloaded, will download consumers address books and other information on their devices.” Ms. Harris believes application providers should “disclose what may be at risk” to consumers.

The companies agreed to redesign their application stores and markets to provide for privacy policies for mobile applications. Specifically, the companies will implement an application submission process for new or updated apps either (1) a data field for a hyperlink to the app’s privacy policy or (2) a data field and storage for the text of the app’s privacy policy or a statement describing the app’s privacy practices.  The companies also must implement a means for users to report apps that do not comply with applicable terms of service or laws.

“This agreement will allow consumers the opportunity to review an app’s privacy policy before they download the app rather than after,” Ms. Harris added in a statement. Although applying California law, Ms. Harris said the new agreement is “global in scope,” since it will apply to the six companies who agreed to comply with California law, to any user in California of an application, to any app developer in California, and to any service that distributes apps from California.

Hyperlocals that plan to upgrade or distribute mobile apps through channels like Google’s Android Market or Apple’s App Store should examine their privacy practices and review the requirements that may be imposed soon by the application distributors.

Brian Dengler is an attorney with Vorys Legal Counsel and journalist who covers legal issues in eMedia. He is a former vice-president of AOL, Inc., a former newspaperman, and an EMMY-winning TV journalist. He teaches new media issues as an adjunct at Kent State University and formerly at Otterbein University.