November 1, 2012
Effective November 29, 2012, all software applications developers who make their apps available in California must comply with new privacy requirements. Specifically, apps developers must provide notice to users describing all personally identifiable information collected, processed, or distributed by their apps. Failure to provide such notice can result in a $2,500 fine for each download of the app.
The notice must clearly identify all of the information which will be collected, processed, or distributed. It must describe how the information will be used, and who will have access to it.
The notice must be presented in a clear and conspicuous manner, so that it can be readily accessed and understood by users. Additionally, the notice must be made available within the app directly, not through an associated web site or some other ancillary process.
California’s online privacy protection law has long placed notice requirements on web sites and a range of other online services. On October 30, 2012, the California Attorney General announced that it considered mobile apps to be a form of online service, thus making the online privacy notice requirements applicable to the apps.
California’s action is significant because it extends privacy notice requirements to a significant number of apps. It is also significant as it recognizes mobile apps as a form of online service, not merely a software product.
It is likely that other jurisdictions will soon take action similar to California’s By characterizing mobile apps as online services, governments will subject apps to the same oversight that web content and numerous other online activities face.
In this environment, it is prudent for apps developers to consider their products to be online services. Accordingly, they should make sure that their apps comply with all requirements placed on online services and content by the authorities.