On February 22, 2012, California’s Office of the Attorney General announced that Amazon, Apple, Google, Hewlett Packard, Microsoft and Research in Motion (the “Companies”) have all agreed to require their application (“app”) developers to post clear privacy policies for their apps wherever those apps can be downloaded (“Agreement”). Together, these Companies account for 95 percent of all app downloads. According to the Attorney General’s office, of the top 30 most downloaded apps, only 8 have posted privacy policies.
In recent weeks, this issue has come to the forefront as Path, a social networking app, admitted to collecting and storing information from users’ address books without first notifying its users. After Path’s revelation, Twitter, Foursquare, and Instagram all acknowledged that they collect users’ address book information without consent as well. Apple also announced a change to its app developer guidelines, saying that iOS applications that collect user data without consent are prohibited.
According to Attorney General Kamala Harris, “[t]his [A]greement strengthens the privacy protections of California consumers and of millions of people around the globe who use mobile apps. By ensuring that mobile apps have privacy policies, we create more transparency and give mobile users more informed control over who accesses their personal information and how it is used.”
If an app developer does not comply with the privacy policies as required by the Agreement, developers can be prosecuted under California’s Unfair Competition Law or False Advertising Law. No timeline for compliance has been set, but the Attorney General said that she would meet with the Companies in six months to assess developers’ progress.