CA Attorney General Cracks Down on Mobile Apps for Privacy Policies

[author: Natasha Shabani]

If your website collects personal information from California residents, you may already be aware that a California law, called The California Online Privacy Protection Act (“CalOPPA”), codified at California Business & Professions Code §§ 22575 – 22579, requires you to post a Privacy Policy on your site, detailing what personal information your site collects and what is being done with that personal information.

What you may not know is that if you also have a mobile app which collects personal information from Californians, you should post a Privacy Policy on that app as well.

As mobile apps grow in number and popularity, many consumers find themselves making purchases, signing up for newsletters and services, entering sweepstakes, engaging in social networking, and otherwise providing personal information via mobile apps they download on their smartphones or tablets.  However, the vast majority of apps either do not have a posted Privacy Policy at all, or have one that is buried somewhere on a page where the user is unlikely to come across it. 

Recently, this issue has earned the scrutiny of the California Attorney General’s office, which has taken the position that apps are subject to the requirements of CalOPPA just as traditional websites are.

On October 30, 2012, CA Attorney General Kamala Harris sent formal notices to approximately 100 app owners, including United, Delta, and OpenTable, informing them that their apps violate CalOPPA.  The companies have been given 30 days to conspicuously post a privacy policy within their app that informs users of what personally identifiable information about them is being collected and what will be done with that personal information.  Non-compliant companies may face stiff fines of $2,500 for each time that the non-compliant app is downloaded by a California user, according to Attorney General Harris.

This recent crackdown by Attorney General Harris is consistent with an agreement she forged earlier in 2012 among the leading mobile and social app platforms to improve privacy protections for app users.  Those platforms – Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion, later joined by Facebook – agreed to implement global privacy principles to bring the app industry in line with CalOPPA requiring mobile apps that collect personal information to have a privacy policy. This agreement also requires consumers to have the opportunity to review an app’s privacy policy before they download the app rather than after, and offers consumers a consistent location for an app’s privacy policy on the application-download screen in the platform’s store.

In today’s digital age, mobile apps are an essential and prominent aspect of many business owners’ operations.  If your app collects personal information from California residents, be sure to check with your attorney to help you adapt your website privacy policy to your mobile app, or prepare a new Privacy Policy, to ensure that you are compliant with California law.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Greenberg Glusker Fields Claman & Machtinger LLP | Attorney Advertising

Written by:


Greenberg Glusker Fields Claman & Machtinger LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.