Skip to main content

Legal Update

California Attorney General Provides Privacy Recommendations for Mobile Industry

23 January 2013
Mayer Brown Legal Update

Last week, California Attorney General (AG) Kamala D. Harris released new privacy recommendations for the mobile industry in an official report titled “Privacy On the Go: Recommendations for the Mobile Ecosystem” The report—part of an ongoing state initiative to strengthen consumer-privacy protections—sets forth the AG’s preferred best practices for clear, comprehensive and conspicuous privacy policies in the app marketplace. Most notably, the California AG suggests that app developers make their privacy policies available and accessible to consumers before the app is downloaded.

Although the report suggests that it serves as a “template” for the state’s growing population of app developers, advertising networks and related companies, the report recommends greater protections than are required by existing law. Given that the report lists requirements as well as recommendations, it is an open question how the state will handle companies that follow existing law but do not implement the additional recommended “best practices.”

The report offers significant insight into the California AG’s outlook and planned direction for the industry, and it is expected that the report’s recommendations will be incorporated in some fashion into future enforcement actions. For instance, the report urges app developers to take a “surprise minimalization” approach, under which companies are asked to carefully consider the consumer’s perspective when making disclosures. For app developers, this approach could mean using shorter, more comprehensible privacy disclosures that would alert users to any unexpected or unusual data-collection practices.

The California AG’s office has maintained an active enforcement presence in the area of Internet privacy. Last year, that office created a dedicated unit that focuses on prosecuting perceived violations of state and federal privacy laws. As it stands now, the California AG can bring enforcement actions under the California Online Privacy Protection Act, which requires commercial players in the online-services industry to post a visible privacy policy informing users how the site or app collects and uses personally identifiable information. While the industry waits to see exactly what enforcement actions the California AG will pursue, the plaintiffs’ bar likely will push the limits of current California law—including by arguing that the Attorney General’s “best practices” are enforceable statements of California public policy that give rise to claims under California’s infamous Unfair Competition Law. Accordingly, all companies in the industry will be well served by evaluating the disclosures they make to users—and how they make them.

For more information about the privacy recommendations or any other matter raised in this Legal Update, please contact at +1 213 229 5173.

The Build a Report feature requires the use of cookies to function properly. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently. If you do not accept cookies, this function will not work. For more information please see our Privacy Policy

You have no pages selected. Please select pages to email then resubmit.