Attorney General Kamala D. Harris Notifies Mobile App Developers of Non-Compliance with California Privacy Law

Tuesday, October 30, 2012
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

SAN FRANCISCO -- Attorney General Kamala D. Harris this week began formally notifying scores of mobile application developers and companies that they are not in compliance with California privacy law.

The companies were given 30 days to conspicuously post a privacy policy within their app that informs users of what personally identifiable information about them is being collected and what will be done with that private information. Letters will be sent out to up to 100 non-compliant apps at this time, starting with those who have the most popular apps available on mobile platforms.

"Protecting the privacy of online consumers is a serious law enforcement matter," said Attorney General Kamala D. Harris. "We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California’s privacy laws."

The letters are the first step in taking legal action to enforce the California Online Privacy Protection Act (Simitian), which requires commercial operators of online services, including mobile and social apps, that collect personally identifiable information from Californians to conspicuously post a privacy policy. Privacy policies are an important safeguard for consumers. Privacy policies promote transparency in how companies collect, use, and share personal information. Companies can face fines of up to $2,500 each time a non-compliant app is downloaded.

This action by Attorney General Harris follows an agreement she forged among the seven leading mobile and social app platforms to improve privacy protections for millions of users around the globe who use apps on their smartphones, tablets, and other electronic devices. Those platforms – Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft, and Research in Motion – agreed to privacy principles designed to bring the industry in line with California law requiring mobile apps that collect personal information to have a privacy policy. The agreement allows consumers the opportunity to review an app’s privacy policy before they download the app rather than after, and offers consumers a consistent location for an app’s privacy policy on the application-download screen in the platform store.

The California Online Privacy Protection Act is one of the privacy laws that the Privacy Enforcement and Protection Unit is charged with enforcing. Created in 2012, the Privacy Unit’s mission is to enforce federal and state privacy laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. This includes laws relating to cyber privacy, health privacy, financial privacy, identity theft, government records and data breaches.

The February 2012 press release announcing the apps agreement can be found here. The June 2012 press release announcing that Facebook joined the apps agreement can be found here.

A sample non-compliance letter is attached.

# # #