Companies that run websites must comply with laws and rules requiring the maintenance of personal privacy. While federal requirements such as those applicable to financial privacy and children’s privacy gain significant attention, website and app developers also should pay careful attention to state privacy requirements. State regulators are monitoring websites and apps for compliance with their privacy mandates.
Given the open nature of the Internet, companies and Web developers, as a practical matter, need to comply with the strictest state privacy requirements — since they can assume that their sites will be accessed from all the states.
So the recent letters sent by California Attorney General Kamala Harris to 100 companies and mobile app developers (including Delta, United Continental and Open Table), asking them to bring their privacy policies in line with California state law, are highly relevant to anyone whose Web site is going to be accessed in California.
In these letters, Harris gave companies and developers 30 days to come up with a plan to comply with the California privacy law, or tell her why it does not apply to a particular app. After the 30 days are up, Harris will apparently sue the firms or developers that aren’t complying, with a potential fine of up to $2,500 each time the app is downloaded.
“Protecting the privacy of online consumers is a serious law enforcement matter,” Harris said in a statement. “We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California’s privacy laws.”
We must emphasize that anyone who makes apps and websites available to consumers must comply with state as well as federal requirements. The California actions will only be the beginning.