Recent developments in California highlight the importance of privacy considerations to businesses that make mobile apps available to the public. In February 2012, the California Attorney General announced a Joint Statement of Principles. In that document the California Attorney General clearly asserts that the privacy policy requirements of the California Online Privacy and Protection Act1 apply to mobile apps. On October 30, 2012 the California Attorney General announced that the state would begin sending businesses letters of noncompliance, in which those businesses would be given thirty days notice to bring their mobile apps into compliance. On December 6, 2012 California sued Delta Airlines for Delta's alleged failure to bring its Fly Delta mobile app into compliance.
California asserts that the California Online Privacy and Protection Act applies to all "operators" "of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service."2 For this purpose a mobile app should now be considered a "commercial Web Site." If an operator does not remedy noncompliance within thirty days after notice of noncompliance, the operator will be in violation of the California Online Privacy and Protection Act. Civil penalties of $2500 are assessed for each violation.3 The California Attorney General takes the position that each copy of a noncompliant app that is downloaded by California consumers is a separate violation, so the consequences of noncompliance could be significant.
With this in mind, all mobile app providers should be concerned about this new focus on the enforcement of California's privacy laws. Fortunately there is some compliance guidance available. Some guidance is provided in the Joint Statement of Principles. Much more guidance is provided in the recently released Privacy on the Go: Recommendations for the Mobile Ecosystem. That document contains recommendations for app developers, app platform providers, mobile ad networks, operating system developers and mobile carriers.
It should also be noted that California is not alone addressing the relationship between privacy laws and mobile apps. In August 2012, the U.S. Federal Trade Commission released Marketing Your Mobile App: Get It Right from the Start. In addition, in February 2012, the U.S. Federal Trade Commission released a report regarding the relationship between mobile apps and children specifically. For this reason, mobile app providers should not rely on an assumption that California law does not apply to them, and they should take measures to avoid compliance issues.
1 Cal. Bus. & Prof. Code §§ 22575-22579.
2 Cal. Bus. & Prof. Code § 22575(a).
3 Cal. Bus. & Prof. Code § 17206.
This Legal Update is a periodic publication of Lindquist & Vennum LLP and is intended to provide basic information about new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.