California Attorney General Kamala Harris recently reached an agreement with Apple, Google, Amazon, Microsoft, Hewlett-Packard and Research in Motion in which the six companies conceded that California law requires apps to have privacy policies. They agreed tha they would require app developers who collect personal information to include these privacy policies. The overwhelming majority of the most-downloaded mobile apps currently do not have privacy policies. Ms. Harris pointed out that people who use these apps are not aware of how their personal information is being used. She indicated that the agreement with the six companies would give the consuming public the tools they need to protect their privacy.
Although the agreement was reached only recently, it is designed to enforce an eight-year old California statute requiring privacy policies. Until recently it was unclear whether California law, which requires privacy policies from websites, also applied to apps. Now, apparently, it has been decided that it applies to apps as well.
As part of the deal, the companies agreed to continue monitoring by the Attorney General’s office with another meeting scheduled in six months to see what progress they made.
The companies participating in the deal had varying reactions.
Google, for example, would not reveal how it would enforce the rules on its Android smartphone. Instead a spokesman pointed out that Android has a system in place which informs customers what data is accessible to a particular app. Further, it requires approval from the consumer before an app can be installed. Google did allow that consumers of its apps will be given more ways to make informed decisions regarding their privacy.
Research In Motion took a co-operative stance, indicating that it would be working with the attorney general and the developers of apps to publicize their privacy policies.
Microsoft also expressed support for the deal reached with the attorney general, and claimed that it took the issue of consumer privacy most seriously.
Apple merely confirmed its participation in the deal while Amazon refused to comment. Hewlett-Packard would not respond to requests for comment.
The privacy policies provided on websites have proved to be worthless, and consumers do not pay them any attention. These policies contain broad, vague language replete with legalese which is designed to protect companies rather than to inform the consumer as to what information they are collecting.
A 2010 study by The Wall Street Journal of 101 popular apps revealed that over half the apps transmitted the smartphone’s unique ID to other companies without the consumers’ awareness or consent. A little less than half the apps transmitted the phone’s location and approximately five percent of the apps transmitted personal details of the consumers to third parties.
The California attorney general is not the only government official concerned about the privacy of mobile apps. The Federal Trade Commission is urging app developers for children to provide more information on their data collection practices. The agency plans to investigate whether apps violate child privacy laws.
The new deal reached in California is only the beginning of what promises to be a knotty problem which will present new issues in the future in need of government regulation.