Privacy Guidelines from California and the FTC for Mobile Apps

February 11, 2013

California app regulationsDevelopers and distributors of software applications (“apps”) used on mobile devices are now expected to adhere to basic standards of privacy with respect to sensitive personal information associated with apps users.  As discussed previously in this blog, California was the first jurisdiction to enact formal privacy requirements for apps.  Now, the Federal Trade Commission has issued apps privacy guidelines, as well.

The California apps privacy standards, which went into effect late in 2012, require that all mobile apps distributed in California include a description of all sensitive personal information collected or processed by the app.  The standards also require that the privacy notice identify all parties who will have access to the information and describe how the information will be used.  The privacy notice must be included directly in the app and express consent for collection and processing of the information must be obtained from the user.

California has filed the initial lawsuit enforcing the apps privacy rules against Delta Air Lines in Superior Court in San Francisco (California v. Delta Air Lines).  This case is particularly significant as it illustrates that the privacy rules can be enforced against parties that commission, brand, support, and distribute mobile apps, in addition to the software developers who create the apps.

Following California’s lead, the FTC recently approved privacy guidelines for mobile apps.  Those guidelines are described in a report issued by FTC staff.  Although these guidelines are not formal rules, they provide a clear indication of the priority the FTC now places on privacy in the context of software apps.

The FTC guidelines embrace California’s approach involving full disclosure and express consumer consent.  Like California, the FTC includes geo-location tracking information (e.g., GPS) as a form of sensitive personal information which should be considered to be private.

The FTC guidelines complement information security recommendations previously issued by the Commission, which are available in the document, “Mobile Apps Developers: Start with Security,”.  In that document, the Commission provides an important and useful set of security recommendations for use by apps developers and distributors.  Those recommendations are designed to enhance the privacy of sensitive information.

There is a clear trend emerging, at both the state and federal levels, which places significant emphasis on the privacy of consumer information in the context of software apps.  All parties involved in the development, distribution, and support of apps should monitor carefully the continuing evolution of apps privacy requirements and guidelines.  Expectations of privacy, by consumers and by government authorities, will have a significant future impact on the apps community.