Felicity Kohn
California has reached an agreement designed to protect the privacy of mobile app users with Amazon.com, Apple, Google, HP, Microsoft, and a company called Research in Motion. The agreement was sparked by the fact that smartphone apps routinely transmit users’ contacts and other personal data, including location, identity, messages, and photos, without their knowledge. Both Apple and Google already require app developers to ask users for permission to obtain personal data. However, users are rarely told which data is being collected or how it will be stored or used. Moreover, some developers – even makers of very popular apps – have collected and transmitted users’ contact lists without their consent.
California’s agreement requires developers of apps for mobile phones to post clearly marked privacy policies explaining what personal information they will collect and how they will use it. According to the California attorney general’s office, only 5% of mobile apps currently have a privacy policy in place. In addition to requiring app developers to post privacy policies, California’s agreement also requires app store providers like Apple and Google to provide ways for users to report apps that don’t comply. In an interesting connection to our conversation about FTC enforcement powers, the California attorney general’s office said that developers who violated their own privacy policies could be prosecuted under California’s Unfair Competition Law and False Advertising Law.
California’s agreement also relates to our conversation about the White House’s suggestion for multistakeholder meetings to develop enforceable codes of conduct, in that the statement by California attorney general suggests that this agreement was born of just such a process: “[T]hese companies have to be commended for accepting the invitation to meet around our table, act on it and sign the agreement…” Perhaps this agreement indicates the willingness of tech companies to engage in that kind of a process.
Finally, it’s interesting – and perhaps telling – that California brokered the deal with these major tech companies since it is the state that was on the forefront of requiring notices to consumers regarding breaches of their data, and the casebook notes that most states then followed suit (p. 881-82). Thus, state regulation may provide yet a third means (other than Congressional action and White House policy) of advancing the cause of consumer privacy.
The link to the article is here: http://bits.blogs.nytimes.com/2012/02/22/california-attorney-general-reaches-deal-on-app-privacy/?scp=6&sq=privacy&st=cse
I found it interesting how in the first para of the agreement it specifically disclaims any intent to make binding legal commitments and such. Which means, what exactly is this agreement? Sounds like a statement of principles that they hope to abide by, but don’t have to.