Companies that run websites must comply with laws and rules requiring the maintenance of personal privacy. While federal requirements such as those applicable to financial privacy and children’s privacy gain significant attention, website and app developers also should pay careful attention to state privacy requirements. State regulators are monitoring websites and apps for compliance with their privacy mandates.
Given the open nature of the Internet, companies and Web developers, as a practical matter, need to comply with the strictest state privacy requirements — since they can assume that their sites will be accessed from all the states.
So the recent letters sent by California Attorney General Kamala Harris to 100 companies and mobile app developers (including Delta, United Continental and Open Table), asking them to bring their privacy policies in line with California state law, are highly relevant to anyone whose Web site is going to be accessed in California.
In these letters, Harris gave companies and developers 30 days to come up with a plan to comply with the California privacy law, or tell her why it does not apply to a particular app. After the 30 days are up, Harris will apparently sue the firms or developers that aren’t complying, with a potential fine of up to $2,500 each time the app is downloaded.
The letters target companies that do not “have a privacy policy reasonably accessible for consumers” for their apps.
“Protecting the privacy of online consumers is a serious law enforcement matter,” Harris said in a statement. “We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California’s privacy laws.”
According to a press release from Harris, the letters “are the first step in taking legal action to enforce the California Online Privacy Protection Act, which requires commercial operators of online services, including mobile and social apps, which collect personally identifiable information from Californians to conspicuously post a privacy policy.”
Earlier this year, Harris helped create an agreement among the seven leading mobile and social app platforms to improve privacy protections for those who use apps on their smartphones, tablets, and other electronic devices. According to her release, these companies – Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft, and Research in Motion – agreed to privacy principles designed to bring the industry in line with California law requiring mobile apps that collect personal information to have a privacy policy.
The agreement allows consumers the opportunity to review an app’s privacy policy before they download the app rather than after, and offers consumers a consistent location for an app’s privacy policy on the application-download screen in the platform store.
We must emphasize that anyone who makes apps and websites available to consumers must comply with state as well as federal requirements. The California actions will only be the beginning.