Mobile Apps and Privacy Policies
February 12, 2013
Downloadable mobile apps are increasingly popular online tools that businesses are using for many purposes, including marketing, interacting with customers, gaming and entertainment.
However, if your business is collecting personally identifiable (PI) information (such as mobile phone numbers, e-mail addresses, web browsing history, mobile or wireless device identifiers, user names, passwords or other similar types of data) from California residents via its mobile apps – beware!
The California Attorney General (AG) recently formed a “Privacy Enforcement and Protection Unit” and is policing against mobile app developers who fail to comply with California’s Online Privacy Protection Act (OPPA).
Under California’s OPPA, mobile app developers that are collecting PI information from California residents (whether or not the developer is domiciled in California) are required to have adequate privacy policies for their mobile apps. That is, the privacy policies must set forth clearly and conspicuously the types of PI information being collected, why and how it is being collected, and how it is being stored, among other things.
Failure to comply with OPPA can result in a fine of up to $2,500 for each copy of each app downloaded by a California resident.
More recently, on January 10, 2013, the California AG released a report entitled, “Privacy On The Go: Recommendations For The Mobile Ecosystem.” The report provides privacy practice recommendations and guidelines for mobile app developers, app platform providers (such as Apple and Google) and others associated with the mobile app industry.
Some of the recommendations are:
- Limiting the collection of PI information to only that which is necessary for the basic use and function of the mobile app.
- Having adequate security safeguards in place for protecting and keeping secure any PI information you collect via your mobile app.
- Retaining PI information only so long as needed and implementing measures for deleting PI information when the information no longer needs to be retained.
Rachel C. Santarlas | Counsel | (973) 530-2064 | email@example.com