January 10th, 2013
California Releases New Mobile App Privacy Recommendations
California's Attorney General recently released a set of official privacy recommendations for consideration by mobile app developers, mobile ad networks and related industry players. The recommendations, published in a report entitled "Privacy on the Go: Recommendations for the Mobile Ecosystem," include development and disclosure recommendations that encourage participants in the mobile app ecosystem to consider privacy at the outset of the app design process and to focus on minimizing surprises to users from unexpected privacy practices. Although some of the recommendations are already required by existing law, most of them are provided for purposes of educating the industry and promoting privacy best practices.
This report comes on the heels of recent enforcement actions initiated by the California Attorney General against mobile app producers, as well as a recent FTC report critical of mobile app privacy practices.
The report includes the following suggestions:
I. Recommendations for App Developers
- Consider privacy at the outset of the development process. Create checklists to review the personally identifiable information ("PII") your apps could collect, and to help you make privacy decisions about data collection, use, disclosure, and retention.
- Avoid or limit collection of "sensitive information" (e.g., precise geo-location, financial and medical data, stored data such as contacts or photos, children's information) and any PII not needed for your app's basic functionality. Do not retain PII longer than strictly necessary.
- Develop a Privacy Policy that is clear, accurate, and comprehensive. The Policy should be conspicuously available for review by users before download and also readily accessible from within the app itself. Consider hosting the Policy online to facilitate Policy updates. Format the Privacy Policy in a manner that is easily readable on mobile devices, and highlights the most relevant privacy issues.
- Supplement the Privacy Policy with enhanced communications to alert users of data practices that may be unexpected. Such communications may be delivered in context and just-in-time through the app or via separate short privacy statements. For example, when an app accesses sensitive device features (e.g., a camera or microphone), or data stored on the device (e.g., call logs, contact lists, text messages), supplemental notices or alerts are appropriate.
- Provide users with control settings to help them manage how their information is treated, especially for sensitive information. Develop mechanisms to give users access to their PII.
- Use an app-specific or other non-persistent device identifier rather than a persistent, globally unique identifier.
- Make sure the app's default settings are privacy protective.
- Use security safeguards (such as encryption) to protect PII from unauthorized access, use, disclosure, modification or destruction.
- Comply with applicable laws (such as laws pertaining to Apps directed to children) and industry requirements (such as Payment Card Industry Data Security Standards).
- Designate someone in your organization to have responsibility for App privacy and provide appropriate training to employees concerning privacy.
II. Recommendations for Mobile Ad Networks
- Avoid delivering ads outside of the context of the app. For example, avoid modifying users' mobile web browser settings or placing icons on their mobile desktops. However, if ads will be delivered outside of the app, obtain prior consent from users, and provide clear attribution to the applicable host app.
- Share your Privacy Policy with the app developers that enable delivery of targeted ads through your network. Provide a link to your Privacy Policy for developers to share with their users.
- Use enhanced communication methods (e.g., just-in-time notices), and obtain prior consent from users, before accessing PII.
- Use app-specific or temporary device identifiers, rather than device-specific identifiers.
- Transmit user data securely.
III. Recommendations for App Platform Providers
- Allow users to access and review Privacy Policies for apps from within the app platform prior to their download of the app.
- Educate app developers about their privacy obligations, and encourage consumers to look for relevant privacy policies and controls.
- Provide users with tools to report non-compliant apps.
IV. Recommendations for Others
- Developers of operating systems for mobile devices - such as Apple, Google, and Microsoft - are encouraged to develop global privacy settings that allow users to control the information and device features accessible to apps.
- Mobile Carriers are encouraged to educate mobile customers on mobile privacy, especially with respect to children.
For more information on the report, or legal issues associated with mobile apps, please contact Greg Boyd at (212) 826 5581 or gboyd@fkks.com; or any other member of the Technology, Digital Media & Privacy or Advertising Groups.