Mobile Apps and Privacy Policies

February 12, 2013

Downloadable mobile apps are increasingly popular online tools that businesses are using for many purposes, including marketing, interacting with customers, gaming and entertainment.

However, if your business is collecting personally identifiable (PI) information (such as mobile phone numbers, e-mail addresses, web browsing history, mobile or wireless device identifiers, user names, passwords or other similar types of data) from California residents via its mobile apps – beware!

The California Attorney General (AG) recently formed a “Privacy Enforcement and Protection Unit” and is policing mobile app developers who fail to comply with California’s Online Privacy Protection Act (OPPA).

Under California’s OPPA, mobile app developers that are collecting PI information from California residents (whether or not the developer is domiciled in California) are required to have adequate privacy policies for their mobile apps. That is, the privacy policies must set forth clearly and conspicuously the types of PI information being collected, why and how it is being collected, and how it is being stored, among other things.

Failure to comply with OPPA can result in a fine of up to $2,500 for each copy of each app downloaded by a California resident.

The California AG began ramping up its enforcement proceedings last year. In October 2012, the California AG sent letters to approximately 100 mobile app developers whose privacy policies did not comply with OPPA and ordered that they be corrected within 30 days. In December 2012, the California AG filed its first lawsuit against Delta Air Lines, Inc. because its Fly Delta app violated OPPA by having a deficient privacy policy.

More recently, on January 10, 2013, the California AG released a report entitled, “Privacy On The Go: Recommendations For The Mobile Ecosystem.” The report provides privacy practice recommendations and guidelines for mobile app developers, app platform providers (such as Apple and Google) and others associated with the mobile app industry.

Some of the recommendations are:

  • Developing a privacy policy that is clear, conspicuous and accessible to mobile app users. That means making the privacy policy available not only on your website but on the mobile app platform before the user downloads the mobile app.
  • Limiting the collection of PI information to only that which is necessary for the basic use and function of the mobile app.
  • Having adequate security safeguards in place for protecting and keeping secure any PI information you collect via your mobile app.
  • Retaining PI information only so long as needed and implementing measures for deleting PI information when the information no longer needs to be retained.

If you have concerns about whether your privacy policy complies with California's OPPA, or if you have been contacted by the California AG regarding your privacy policy, please contact:

Peter E. Nussbaum | Co-Chair, Intellectual Property Group | (973) 530-2025

Rachel C. Santarlas | Counsel | (973) 530-2064