California Attorney General Kamala D. Harris has begun formally notifying scores of mobile application developers and companies that they do not comply with California privacy law.  These notices give these businesses 30 days to develop and conspicuously post a privacy policy that clearly tells users (1) what personally identifiable information about them the app collects, and (2) how that information will be used.

According to the AG’s public announcement, letters will now be sent to up to 100 companies, “starting with those who have the most popular apps available on mobile platforms.”  The notices state that the California Online Privacy Protection Act (“CalOPPA”) requires that any online service which collects “personally identifiable information”, including operators of mobile apps, must “conspicuously post its privacy policy in a means that is reasonably accessible to the consumer.”  Posting the policy on a Web site “may be adequate, but only if a link to that Web site is ‘reasonably accessible’ to the user within the app.”

Earlier this year, the AG announced an agreement reached with the six companies “whose platforms comprise the majority of the mobile app market” (Amazon, Apple, H-P, Microsoft and RIM) to develop privacy policy standards for the mobile apps they offer.  That announcement stated the AG’s concerns: (1) an estimated 98 billion mobile applications will be downloaded by 2015, (2) the mobile market exposes consumers to a wide variety of privacy invasions (e.g., smart phones transmit “rich data to the app developers”; mobile devices give “developers, analytic services and advertising networks [access] to a user’s location, contacts, identity, messages and photos”), and (3) “[t]he majority of mobile apps sold today do not contain a privacy policy.”

To carry through on that initiative, these new notice letters are the AG’s “first step in taking legal action to enforce the California Online Privacy Protection Act”.  To drive that point home, the notices warn of the substantial financial penalties a non-complying mobile app developer and offering sites may face: “Under California’s Unfair Competition Law, …violations of CalOPPA may result in penalties of up to $2,500 for each violation, i.e., for each copy of the unlawful app downloaded by California consumers.”  To read the full announcement by the AG’s Office, including a sample of the notice letters, click here.

These notices are yet another sign of the AG’s increasingly aggressive enforcement of privacy protection laws in California.  Earlier this year, AG Harris announced her Office’s creation of a new Privacy Protection and Enforcement Unit.  This new Unit has a broad mission to “enforce laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government.”  To support this effort, the Unit is staffed by Department of Justice employees, including six prosecutors who will concentrate on privacy enforcement.”  To read the AG Office announcement of that new Unit, click here.