As noted in prior posts, we have been hoping that mobile app store operators, like Apple and Google, will start to encourage developers to pay attention to app privacy policies, and in the course of doing so, get smarter about their privacy practices. Great news today comes from the California Attorney General’s office, which has struck an agreement with the major app market providers to do just that.
From the announcement, here are the fundamental terms (emphasis mine):
3. The Mobile Apps Market Companies have, or will implement a means for users to report to the Mobile Platform Companies apps that do not comply with applicable terms of service and/or laws.
4. The Mobile Apps Market Companies have or will implement a process for responding to reported instances of non-compliance with applicable terms of service and/or laws. Any action that a Mobile Apps Market Company takes with respect to such an application will not limit law enforcement or any other regulator’s right to pursue an action against a developer for alleged violation of applicable law.
5. The Mobile Apps Market Companies will continue to work with the California Attorney General to develop best practices for mobile privacy in general and model mobile privacy policies in particular. Within six months the participants will convene to evaluate privacy in the mobile space, including the utility of education programs regarding mobile privacy.
Here are my takeaways:
- When will this be enforced? While there’s no specific date for enforcement to begin, I expect it will probably take longer for the app markets to set up systems to collect and act on consumer complaints about missing policies. I expect more guidance from the app marketplaces, but there’s no reason to delay implementing your policy.
- What should developers do now? It doesn’t look like there’s a requirement for app developers to immediately add a policy for an app that doesn’t already have one, but the next time they update their app, they will be required to do so. This means developers who need to add policies should start looking at this promptly, particularly since the process of developing a policy may reveal necessary changes in data practices.