HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Consumer Privacy

Industrywide App Agreement Enhances Privacy Protections and Enforcement

Six leading mobile application (app) platform operators — Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion — agreed this week to a “Joint Statement of Principles” with Kamala Harris, the Attorney General of California, that effectively creates enforceable, nationwide mobile app privacy standards.




The agreement — announced after a series of recent headlines raising questions about the sufficiency of current app privacy practices — is designed to promote transparency and consumer control over personal data, as well as compliance with existing privacy laws.   

“By ensuring that mobile apps have privacy policies, we create more transparency and give mobile users more informed control over who accesses their personal information and how it is used,” Attorney General Harris stated. 

To promote transparency, the six app platform operators agreed to include, as part of their app submission process, optional fields for app developers to describe an app’s privacy practices or provide a link to a privacy policy.  When developers provide this information, the platform operators agreed to make it available to consumers in their app store.  As a result, consumers (and privacy advocates) will now be able to learn about an app’s privacy practices before downloading and installing the app.  In addition, they will be able to compare the stated policies against actual practices for compliance with the California act and other existing laws. 

Under the agreement, the platform operators will also provide a mechanism for app store users to report apps that do not comply with applicable laws or terms of service.  They will also develop a process for addressing such non-compliance, facilitating a self-regulatory enforcement regime to help promote improved privacy practices. 

Finally, the platform operators agreed to continue collaborating with Attorney General Harris on mobile privacy best practices.

The parties are scheduled to meet again within six months to evaluate the state of mobile privacy.

According to Harris, the California Online Privacy Protection Act (Section 22575 of the Business and Professions Code) requires mobile apps collecting personal information from California residents to maintain a publicly available privacy policy.  As background, the California act provides that “an operator of a commercial web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial web site or online service shall conspicuously post its privacy policy.”  Personally identifiable information includes information such as first and last name, address, e-mail address, telephone number, social security number, or other information that can be used to identify specific individuals (or be combined with other sources to identify specific individuals).  The Act also requires privacy policies to include certain disclosures about the provider’s information collection, use, and sharing practices.