California’s attorney general recently released a set of privacy practice recommendations for app developers. The recommendations, which the California AG acknowledged offer greater protection than existing privacy law, are not legally binding. However, since the AG is charged with enforcing the California Online Privacy Protection Act (OPPA), the recommendations provide insight into how that law may be interpreted in connection with privacy investigations and enforcement actions. And since any app that collects data from California users must comply with the requirements of OPPA, the scope of that law is broad and, like the federal Children’s Online Privacy Protection Act, which we recently analyzed, these recommendations could have far-reaching effects that must be seriously considered.
A second lawsuit against another developer is expected in the coming months.
Finally, the California AG made limited recommendations to operating system developers and mobile carriers. Operating system developers should create global privacy settings to allow users to control the data and device features accessible to apps, while mobile carriers ought to leverage their customer relationships to educate on mobile privacy.
These new recommendations force virtually any company in the “app space” to reconsider their privacy and data collection practices and consider whether or not those policies comply with the California AG’s views on how privacy policies should be scoped and implemented. Since nearly all mobile apps can be accessed and used by California users, any developer whose app collects information from users should take notice.
** Justin Greenbaum assisted in the drafting of this post.