Ever on the forefront of consumer privacy protection, California is again making news in the privacy world with the California Attorney General’s recent publication of “Privacy on the Go: Recommendations for the Mobile Ecosystem,” which includes privacy recommendations for app developers, app platform providers, mobile ad networks, makers of operating systems and mobile carriers.  With this publication, California joins the FTC and the GSMA as entities that have published non-binding guidance with respect to mobile privacy (which we blogged about here and here, respectively).

In the publication, the Attorney General notes that these recommendations often “. . . offer greater protection than afforded by existing law, [and] are intended to encourage all players in the mobile marketplace to consider privacy implications at the outset of the design process.”  The report outlines the following specific recommendations:

For App Developers:

  • Start with a data checklist to review the personally identifiable data your app could collect and use it to make decisions on your privacy practices.
  • Be transparent with respect to your privacy practices.
  • Avoid or limit collecting or retaining personally identifiable data not needed for your app’s basic functionality.
  • Give users access to personally identifiable data the app collects and retains about them.
  • Use security safeguards.
  • Be accountable for compliance with applicable laws.
  • Develop a privacy policy that is clear, accurate, and conspicuously accessible to users and potential users.  
  • Use enhanced measures – “special notices” or the combination of a short privacy statement and privacy controls – to draw users’ attention to data practices that may be unexpected and to enable them to make meaningful choices.

For App Platform Providers:

  • Make app privacy policies accessible from the app platform so that they may be reviewed before a user downloads an app.
  • Use the platform to educate users on mobile privacy.

For Mobile Ad Networks:

  • Avoid using out-of-app ads that are delivered by modifying browser settings or placing icons on the mobile desktop.
  • Have a privacy policy and provide it to the app developers who will enable the delivery of targeted ads through your network.
  • Move away from the use of unchangeable device-specific identifiers and transition to app-specific or temporary device identifiers.

For Operating System Developers:

  • Develop global privacy settings that allow users to control the data and device features accessible to apps.

For Mobile Carriers:

  • Leverage your ongoing relationship with mobile customers to educate them on mobile privacy and particularly on children’s privacy.

While the California Attorney General acknowledges that the recommendations are just that – recommendations – it is clear that as “smart phones” become ubiquitous, more federal and state regulation will impact, in one way or another, all participants in the mobile ecosystem.