California Attorney General Announces Privacy Recommendations for Mobile Apps and the Mobile Industry
Click here to download a PDF of the Alert.
Yesterday Kamala Harris, California's Attorney General, issued Privacy on the Go: Recommendations for the Mobile Ecosystem. The report and recommendations are intended to encourage app developers and others in the mobile ecosystem to consider privacy at the beginning of the design process, and to provide detailed suggestions for providing notice of privacy practices.
Privacy on the Go: Recommendations for the Mobile Ecosystem
Most of the recommendations are directed to mobile app developers, but there are also recommendations for others in the industry, including hardware manufacturers, operating system developers, mobile telecommunications carriers, and advertising networks.
The following are some of the more significant recommendations.
Recommendations for App Developers:
- Start with a data checklist to review the personally identifiable data your app could collect, and use it to make decisions on your privacy practices.
- Avoid or limit collecting personally identifiable data not needed for your app's basic functionality.
- Use enhanced measures - "special notices" or the combination of a short privacy statement and privacy controls - to draw users' attention to data practices that may be unexpected and to enable them to make meaningful choices.
Recommendations for App Platform Providers:
- Make app privacy policies accessible from the app platform so that they may be reviewed before a user downloads an app.
- Use the platform to educate users on mobile privacy.
- Provide app users with tools to report apps that do not comply with applicable laws, or their privacy policies or terms of service about which they have questions.
Recommendations for Mobile Ad Networks:
- Avoid using out-of-app ads that are delivered by modifying browser settings or placing icons on the mobile desktop.
- Move away from the use of interchangeable device-specific identifiers and transition to app-specific or temporary device identifiers.
Recommendations for Operating System Developers:
- Develop global privacy settings that allow users to control the data and device features accessible to apps.
- Work with mobile carriers and other appropriate parties to facilitate timely patching of security vulnerabilities.
- Work with device manufacturers and mobile carriers on setting cross-platform standards for privacy controls, means of enabling the delivery of special privacy notices, and privacy icons.
- Provide tools for app developers that enable comprehensive evaluation of data collection, use, and transmission.
Recommendations for Mobile Carriers:
- Leverage your ongoing relationship with your mobile customers to educate them on privacy protection.
- Encourage consumers to look for privacy choices and controls in apps after downloading.
- Help educate parents on mobile privacy and safety for their children. Consider, for example, providing information on available resources, such as the FTC's information for parents on the Children's Online Privacy Protection Act.
Attorney General Harris is also participating in the multi-stakeholder process facilitated by the National Telecommunications and Information Administration (NTIA) to develop an enforceable code of conduct on mobile app transparency. The next NTIA meeting will be on January 17.
For more information about these new mobile privacy recommendations or other privacy topics, please contact Ieuan Jolly, Michael Thurman or Brian Nixon.
This client alert is a publication of Loeb & Loeb LLP and is intended to provide information on recent legal developments. This client alert does not create or continue an attorney client relationship nor should it be construed as legal advice or an opinion on specific situations.
Circular 230 Disclosure: To assure compliance with Treasury Department rules governing tax practice, we inform you that any advice (including in any attachment) (1) was not written and is not intended to be used, and cannot be used, for the purpose of avoiding any federal tax penalty that may be imposed on the taxpayer, and (2) may not be used in connection with promoting, marketing or recommending to another person any transaction or matter addressed herein.