Wednesday, November 14, 2012

California Attorney General Notifies Mobile App Developers of Non-Compliance with Privacy Law

I happened to miss this press release from the Attorney General's Office a couple of weeks back regarding mobile app privacy policies, but I heard people discussing it at a recent IP conference. Therefore, I wanted to make sure that I added the press release to the blog library!

###

Tuesday, October 30, 2012
Contact: (415) 703-5837
 
SAN FRANCISCO -- Attorney General Kamala D. Harris this week began formally notifying scores of mobile application developers and companies that they are not in compliance with California privacy law.

The companies were given 30 days to conspicuously post a privacy policy within their app that informs users of what personally identifiable information about them is being collected and what will be done with that private information. Letters will be sent out to up to 100 non-compliant apps at this time, starting with those who have the most popular apps available on mobile platforms.

"Protecting the privacy of online consumers is a serious law enforcement matter," said Attorney General Kamala D. Harris. "We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California’s privacy laws."

The letters are the first step in taking legal action to enforce the California Online Privacy Protection Act (Simitian), which requires commercial operators of online services, including mobile and social apps, which collect personally identifiable information from Californians to conspicuously post a privacy policy. Privacy policies are an important safeguard for consumers. Privacy policies promote transparency in how companies collect, use, and share personal information. Companies can face fines of up to $2,500 each time a non-compliant app is downloaded.

This action by Attorney General Harris follows an agreement she forged among the seven leading mobile and social app platforms to improve privacy protections for millions of users around the globe who use apps on their smartphones, tablets, and other electronic devices. Those platforms – Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft, and Research in Motion – agreed to privacy principles designed to bring the industry in line with California law requiring mobile apps that collect personal information to have a privacy policy. The agreement allows consumers the opportunity to review an app’s privacy policy before they download the app rather than after, and offers consumers a consistent location for an app’s privacy policy on the application-download screen in the platform store.

The California Online Privacy Protection Act is one of the privacy laws that the Privacy Enforcement and Protection Unit is charged with enforcing. Created in 2012, the Privacy Unit’s mission is to enforce federal and state privacy laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. This includes laws relating to cyber privacy, health privacy, financial privacy, identity theft, government records and data breaches.

The February 2012 press release announcing the apps agreement can be found here. The June 2012 press release announcing that Facebook joined the apps agreement can be found here.

A sample non-compliance letter is attached.

# # #

Copyright Alert System (CAS): ISPs to Send Notices to Alleged Infringers

For anyone who may be infringing upon copyrighted works over the world wide web and networks, you may soon be receiving a notice from your Internet Service Provider (ISP) as a part of the recently implemented Copyright Alert System (CAS). The Center for Copyright Information says that notices will start in the next couple of months. 

...[E]ach participating ISP expects to begin rolling out its version of the CAS – a system through which ISPs will pass on to their subscribers notices sent by content owners alleging copyright infringement over peer-to-peer networks. Educational alerts will come first, followed by acknowledgement alerts that require the recipients to let their ISP know they have received the notices. For accounts where alleged infringing activity continues, enhanced alerts that contain “mitigation measures” will follow. These mitigation measures will vary by ISP and range from requiring the subscriber to review educational materials, to a temporary slow-down of Internet access speed. However, termination of a consumer’s Internet service is not a part of any ISP’s Copyright Alert System program. Contrary to many erroneous reports, this is not a “six-strikes-and-you’re-out” system that would result in termination. There's no "strikeout" in this program.