California AG to Begin Enforcing Privacy Law Against App Developers - $2500-per-Download Fines

[author: Rachel Tarko Hudson]

Mobile app developers must now conspicuously post and follow privacy policies just like websites and other commercial online services according to California Attorney General Kamala Harris. On October 30, the Attorney General’s office began sending warning letters to app developers notifying them that they had 30 days to comply. Time is now up. And the consequences are potentially substantial with the law carrying fines of up to $2,500 per download.

California’s Online Privacy Protection Act (OPPA) provides that “[a]n operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Web site,” or in the case of an operator of an online service, make that policy reasonably accessible to those consumers. The OPPA also includes specific requirements for the content of privacy policies. While the OPPA has been in effect since 2004, the Attorney General’s office only recently began focusing its attention on enforcing the law against app developers.

The Attorney General’s office sent about 100 warning letters to the developers of some of the most popular apps in this first round, stating that it was the first step in enforcement against those developers. Given the high proportion of apps without posted privacy policies, it is likely that additional letters will be sent. While no more formal enforcement actions have been reported, the Attorney General has indicated that she and her office are prepared to sue developers if necessary. In addition, the Attorney General has reached an agreement with the major app platforms to require that apps distributed through their platforms have clear privacy policies.

While the Attorney General is presently giving app developers 30 days to comply with the OPPA in the warning letters, with the increased regulatory and consumer focus on privacy issues, app developers should examine their information privacy practices and draft and post a privacy policy that complies with the OPPA and other privacy laws. Many developers cut and paste privacy policies from other apps. This is a mistake. Those privacy policies may not comply with the law. Also, each developer should tailor its privacy policy to fit their specific app and information privacy practices.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sheppard Mullin Richter & Hampton LLP | Attorney Advertising

Written by:


Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.