California AG Gives Mobile App Developers 30 Days to Comply With State Privacy Law

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

SAN FRANCISCO--California Attorney General Kamala Harris (D) made good on a promise to ensure that mobile app developers comply with state privacy law when she announced Oct. 30 the state will begin formally notifying dozens of developers that they have 30 days to meet user privacy notification requirements.

Companies can be fined up to $2,500 each time a noncompliant app is downloaded, according to an Oct. 26 sample letter released by the AG's office.

The California Online Privacy Protection Act, Cal. Bus. & Prof. Code §§ 22575-22579, requires commercial operators of online services, including mobile and social apps, to conspicuously post a privacy policy informing users of what personally identifiable information is being collected and how it will be used.

Letters will be sent regarding as many as 100 noncompliant apps, starting with the most popular apps available on the Apple App Store and Google Play, according to the AG's office.

“Protecting the privacy of online consumers is a serious law enforcement matter,” Harris said in a statement announcing the move. “We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California's privacy laws.”

Follows Joint Statement of Principles.

In February, Inc., Apple Inc., Google Inc., Hewlett-Packard Co., Microsoft Corp., and Research in Motion Co., whose platforms represent 95 percent of the market, signed a Joint Statement of Principles agreeing to strengthen privacy notifications and protections to bring them in line with the California law (11 PVLR 375, 2/27/12).

Facebook joined the apps agreement in June (11 PVLR 999, 6/25/12).

A California AG's Office official told app developers in April they had six months to adapt to the principles or be notified of violations (11 PVLR 725, 4/30/12).

By Joyce E. Cutler  

Request Bloomberg Law: Privacy & Data Security