California Attorney General Releases Mobile App Guidance
Harris acknowledges that many of the recommendations go beyond what is required by existing law, in hopes that Privacy on the Go will shape privacy practices in the rapidly growing mobile app ecosystem.
Additional highlights from Privacy on the Go include the following:
Recommendations for app developers
- Start the app development process by using a checklist that assesses an app’s data collection, use, and sharing practices.
Minimize the collection of personally identifiable data.
- Develop accurate, conspicuous, and easy-to-understand privacy policies that are available to consumers prior to download.
- Use enhanced notice mechanisms to highlight potentially unexpected data practices (e.g., collecting sensitive information, accessing text messages or call logs, or disclosing personally identifiable information that is not required for an app’s functionality).
- Store personal data only as needed to perform the functions for which the data was collected.
- Make default settings of an app “privacy protective” (e.g., do not permit the automatic sharing of contact information by default).
Recommendations for app platform providers
- Make the privacy policies of app developers available to consumers on the app platform.
- Educate app developers about their privacy obligations and privacy best practices.
- Educate consumers on mobile privacy by providing links to information on the app platform.
Recommendations for mobile ad networks
- Avoid placing ads that appear outside the app (e.g., in notification bars or on the mobile desktop).
Recommendations for operating system developers
- Develop global privacy settings within the operating system by which users can control whether apps can access personally identifiable data or alter system settings.
- Educate mobile customers about privacy issues.
- Work with operating system developers to address security vulnerabilities.
James Denvil, an associate in our Washington office, contributed to this entry which originally appeared on the Hogan Lovells Chronicle of Data Protection Blog.