California AG to Begin Enforcing Privacy Law Against App Developers - $2500-per-Download Fines

[author: Rachel Tarko Hudson]

Mobile app developers must now conspicuously post and follow privacy policies just like websites and other commercial online services according to California Attorney General Kamala Harris. On October 30, the Attorney General’s office began sending warning letters to app developers notifying them that they had 30 days to comply. Time is now up. And the consequences are potentially substantial with the law carrying fines of up to $2,500 per download.

California’s Online Privacy Protection Act (OPPA) provides that “[a]n operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Web site,” or in the case of an operator of an online service, make that policy reasonably accessible to those consumers. The OPPA also includes specific requirements for the content of privacy policies. While the OPPA has been in effect since 2004, the Attorney General’s office only recently began focusing its attention on enforcing the law against app developers.

The Attorney General’s office sent about 100 warning letters to the developers of some of the most popular apps in this first round, stating that it was the first step in enforcement against those developers. Given the high proportion of apps without posted privacy policies, it is likely that additional letters will be sent. While no more formal enforcement actions have been reported, the Attorney General has indicated that she and her office are prepared to sue developers if necessary. In addition, the Attorney General has reached an agreement with the major app platforms to require that apps distributed through their platforms have clear privacy policies.

While the Attorney General is presently giving app developers 30 days to comply with the OPPA in the warning letters, with the increased regulatory and consumer focus on privacy issues, app developers should examine their information privacy practices and draft and post a privacy policy that complies with the OPPA and other privacy laws. Many developers cut and paste privacy policies from other apps. This is a mistake. Those privacy policies may not comply with the law. Also, each developer should tailor its privacy policy to fit their specific app and information privacy practices.


Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sheppard Mullin Richter & Hampton LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.