On February 22, 2012, California’s Attorney General, Kamala D. Harris, entered into an agreement with several leading providers of mobile devices and app stores to increase consumer privacy protection for mobile applications or “apps.” Under the agreement’s terms, these companies have agreed to redesign their app stores to provide a location for app developers to display their privacy policies.

California has long taken privacy – including technology-related privacy – seriously. Article 1, Section 1 of the California Constitution recognizes privacy as an inalienable right. California’s Online Privacy Protection Act of 2003 (“CalOPPA”) provides substantial consumer privacy protection by requiring any “operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California” to post a conspicuous privacy policy detailing, for example, the categories of personally identifiable information collected from users and the categories of third-parties with whom the information may be shared.

The two-page Joint Statement of Principles, adopted by Harris and the six leading mobile application platform companies – Apple, Amazon.com, Google, Hewlett-Packard, Microsoft, and Research In Motion (the “Companies”) – reflects an agreement to bring the mobile application industry into compliance with the terms of CalOPPA. Specifically, the Joint Statement sets forth the following principles for apps:

  • According to the California AG’s interpretation of CalOPPA, applications that collect personal user data must conspicuously post a privacy policy detailing, clearly and completely, how the application collects, uses, and shares personal data.
  • The Companies agree to include optional data fields for an application’s privacy policy – via hyperlink or text – in the submission process for new or updated apps so that users will be able to access the provided policy information from the application store.
  • Users will have the ability to report to the Companies applications that do not comply with applicable terms of service and/or laws, and the Companies will implement a process for responding to such reports.

These principles will apply globally to any mobile application that may impact a California consumer.

App developers that do not comply with CalOPPA by posting a privacy policy for their app can be held accountable under California law.

This blog post was written by Michelle Arnold, associate in our litigation department.