Agreement with California Attorney General May Set Floor for Privacy Protections for Users of Mobile Applications

Amid growing concern about their personal information being pulled by mobile applications (“apps”) and taking a lead from the Federal Trade Commission (“FTC”), whose recent report raised concerns about the lack of privacy information available to mobile app users before download, California Attorney General Kamala Harris announced a privacy agreement with the six largest mobile app providers – Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research in Motion – that will impact how millions download apps to their smartphones, tablets, and other mobile devices.

The six companies have agreed to privacy principles designed to bring the industry in line with California’s Online Privacy Protection Act (“the Act”), most significantly requiring mobile apps that collect personal information to have a privacy policy, and to display it in prominent fashion and in easy to understand language before the app is downloaded. 

Two important features of the agreement are that consumers:

  1. will be afforded the opportunity to review the app’s privacy policy before they download the app rather than after, and
  2. will be offered a consistent location for finding the app’s privacy policy. 

The six companies will also be tasked with educating the app developers about their privacy obligations and will be providing users tools to report non-compliant apps.

Privacy policies are important consumer protections that allow for transparency into how companies collect and use personal information. Currently, most apps do not have privacy policies.

An important part of the agreement is the recognition that the Act applies to independent app developers as well as operators of commercial website and online services that sell and distribute them.

The Attorney General predicts that this agreement will have international impact as app developers will choose to comply with California law and the agreement because California is an important state (lots of app users here), and it will be administratively easier for the app developers to have one design that works everywhere.

At this point, it is uncertain whether the agreement will have the global impact the Attorney General predicts. That said, we have seen other California privacy laws assume a national impact. 

For example, the California Security Breach Notification law was one of the first in the country and, as such, many companies doing business in California had to comply with it not only in California, but, for public relations reasons, everywhere – how could a large national company provide security breach notification letters in California to California residents, but not in Arizona? 

In this example, the company would essentially being telling people in Arizona that their protection is less important than persons in California. Therefore, many companies simply decided to provide security breach notification letters everywhere it did business even before many states passed similar security breach notification laws. It is possible the same impact could happen with this new Act.

For more information or any questions, please contact Tim Moroney 415-743-3713 or

Trackbacks (0) Links to blogs that reference this article Trackback URL:
Comments (0) Read through and enter the discussion with the form at the end
Post A Comment / Question Use this form to add a comment to this entry.

Remember personal info?