California Raisin’ the Stakes on Privacy Policy Compliance



The California Privacy Protection Act (CalOPPA) is getting a big new enforcement tool: consumers armed with a new complaint form.

California Attorney General Kamala Harris (D)—who is seeking to represent California in the U.S. Senate—announced Oct. 14 that California will launch a new online tool that makes it easier for consumers to report websites, apps and other online services that violate CalOPPA.

“It is unique for a regulator to proactively reach out to consumers to encourage the reporting of privacy policy violations and these measures could certainly encourage companies to proactively review their CalOPPA compliance,” Gary A. Kibel, a digital technology and privacy partner at Davis & Gilbert LLP in New York, said in a statement sent to Bloomberg BNA. 

“However, CalOPPA actually has a unique cure provision, so even if consumers make complaints, it is possible that a company may not yet have liability,” he said.

The form asks consumers to identify the nature of the privacy policy non-compliance, with the following options: (1) privacy policy missing or inapplicable; (2) privacy policy difficult to locate; (3) privacy policy incomplete; (4) privacy policy violated; or (5) failure to provide notice of a material change.

CalOPPA tells online services how and where the privacy policy should be displayed and what information must be included in the policies.

The Future of Privacy Forum (FPF) conducted a study that found in 2016 that found that the number of apps with privacy policies rose from 30 percent to 80 percent since California entered into an international mobile app agreement in 2012 that included Alphabet Inc.’s Google, Apple Corp. and Amazon, among other leading app platforms.

The FPF study also found health and fitness apps that access sensitive personal data “do worse than average at providing privacy policies,” with only 70 percent having a privacy policy at all, and only 61 percent of apps linked to the privacy policy from the app.

The new complaint form is a direct response to these findings and allows consumers to crowdsource privacy policy violations, with the hope that it makes it easier on the California Department of Justice to identify CalOPPA violations.

The Attorney General’s Office also announced that it’s collaborating with Carnegie Mellon University computer scientists to review apps in the Google Play store for privacy policy compliance, and also consulting with privacy professionals and designers on the effectiveness of CalOPPA and California’s Do Not Track law.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.