California Attorney General Issues Mobile Industry Privacy Guidelines


This week, California Attorney General Kamala Harris further built on her high-profile 2012 campaign to improve privacy protection for consumers who use mobile devices[1] by issuing a report titled “Privacy on the Go” (“Privacy Report”), which lists recommended best practices for app developers, mobile advertising networks, operating systems developers, app platform providers, mobile carriers and others in the mobile industry. The Privacy Report is not legally binding; however, it further highlights that consumer privacy is a top priority for California regulators and provides useful guidance on California regulators’ key privacy concerns relating to the mobile industry.

The Privacy Report’s key premise is that mobile device users tend to ignore traditional app privacy notices, because they are complex documents that are difficult to review on small screens.  Harris encourages companies to:  (1) consider privacy issues at the time they are designing products and services; (2) implement the Fair Information Practice Principles; and (3) adopt a “surprise minimization” approach to alert users about how their information is collected, used and disclosed and give them control over data practices not directly related to an app’s functionality or that involve sensitive information.  Harris offers numerous industry-specific recommendations, including without limitation the following:

  • Use special notices or privacy controls to draw users’ attention to data practices that may be unexpected (app developers)[2]
  • Only collect data you need to operate the app (app developers)
  • Obtain prior consent from users before obtaining/accessing personal information (app developers and ad networks)
  • Create transparent privacy notices that accurately describe your collection, use and disclosure of consumers’ personally identifiable data (app developers and ad networks)
  • Develop cross-platform privacy controls (operating system developers, mobile carriers and device manufacturers)
  • Develop global privacy settings that users can use to set controls for personal information and that can be accessed by apps (operating system developers)
  • Provide consumers with the opportunity to learn about apps’ privacy practices before downloading apps, and provide app users with tools to report non-compliant apps (app platform providers and ad networks)
  • Educate customers on privacy protection (mobile carriers and app platform providers)
  • Move away from unchangeable, device-specific identifiers and transition to temporary device identifiers (ad networks)
  • Securely transmit user data using encryption for permanent unique device identifiers and personal information (ad networks)

Although the recommendations in the Privacy Report are not currently binding, they reflect a trend towards increasing privacy and data security legislation and increasing regulation of the mobile industry.  App developers, mobile advertising networks, operating systems developers, app platform providers and mobile carriers may want to consider implementing these suggestions to stay ahead of the curve.

If you have any questions about how to comply with state or federal privacy laws or whether to implement the best practice recommendations in the Privacy Report, please contact Helen Christakos at (650) 696-2545 or at

[2] One way to do this is through privacy icons.  For more information on privacy icons, please see:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Carr McClellan P.C. | Attorney Advertising
