Privacy Compliance Challenges for Mobile App Developers

Mobile application development continues to be an interesting growth area for entrepreneurs. With the industry a mere four years old, consumers and business users alike continue to seek out and use new apps at a rapid pace. In fact, recent research shows that the use of mobile apps in the U.S. rose nearly 35% this year.

While there are tremendous opportunities in mobile app development and marketing, start-ups entering this field must pay heed to their compliance obligations, particularly in the area of consumer privacy. Mobile app developers have been getting particular attention in California where the state’s attorney general, Kamala Harris, has been warning developers that if they fail to communicate their privacy policies to their end users in a clear and conspicuous manner, they face the possibility of significant fines.

At issue in California is the state’s Online Privacy Protection Act (the “CalOPPA”), which requires all online services that collect personally identifiable information about consumers residing in California to post privacy policies that explain their information collection and use practices. CalOPPA was passed in 2003 and online services have had to comply with its terms for several years now. However, in recent months, California regulators have been focusing increased attention on companies’ compliance with the measure. At the end of October, Attorney General Harris began notifying mobile app developers that they had 30 days to post a privacy policy or could face a fine of up to $2,500 each time their app is downloaded.

In the first action against mobile app providers for claimed violations of CalOPPA, on December 6th, Attorney General Harris filed a civil suit against Delta Airlines for its failure to include a privacy policy notice in its Fly Delta app.

With the expiration of the 30-day warning period and the filing of the first suit, it is critical for all developers of mobile applications to ensure that they are displaying privacy policies if their applications collect personally identifiable information. Significantly, because CalOPPA applies to online services that collect data from consumers residing in California, the impact of this development reaches far beyond California.

Of course, when developing a privacy policy for a mobile app, as is the case with any other online service, it is essential to ensure that the privacy policy ultimately displayed is a complete and accurate description of the company’s actual policies and practices. Also, if an app is used to collect regulated information, as with health-related apps that collect protected health data, the privacy-related disclosure will also need to address the applicable legal and regulatory requirements.

This post on Start-up Legal Issues was authored by Jacqueline Klosek.

 

 