California Attorney General Issues Mobile Privacy Recommendations

The California state Attorney General recently issued privacy recommendations for mobile app and operating system developers, app platform providers, advertising networks, and mobile carriers. The recommendations are intended to ensure that mobile apps comply with applicable privacy laws such as the California Online Privacy Protection Act, and ultimately aim to "minimize surprises to users from unexpected privacy practices." The recommendations provide that app developers should: 1) create a checklist to assess the app's potential collection, use, and disclosure of personally identifiable data; 2) avoid or limit collecting personally identifiable data that is not needed for the app's basic functionality; 3) provide privacy policies that are "clear, accurate, and conspicuously accessible" both to users of the app and to potential users of the app; and 4) use special notices to alert users to data practices that "may be unexpected and to enable them to make meaningful choices" with respect to the sharing and use of that data. The recommendations also echo prior statements that app platform providers make app privacy policies accessible from the platform so that they can be accessed before the app is downloaded. With respect to mobile ad networks, the recommendations suggest that they should provide privacy policies to app developers, avoid using out-of-app ads that are delivered by modifying user settings, and use identifiers that are either temporary or app-specific. The recommendations also suggest to operating system developers that they create global settings consumers can use to apply their choices across a device and all of the apps accessible on the device. Finally, the recommendations indicate that mobile carriers should work to educate customers on how to protect their privacy in the mobile environment.   

TIP: While worded as "recommendations," the tips and suggestions contained in this recent document from the California AG office suggest a direction that enforcement might take if the recommendations are not followed. There is information in the document helpful not just for app developers and app platform providers, but also for those companies who are looking to have a third parties develop and market apps on their behalf.