The wealth of personal data that mobile apps collect on their users needs to be conspicuously stated to consumers or developers could face legal heat, California Attorney General Kamala D. Harris said Wednesday.
Rather than resorting to subpoenas and enforcement actions, the California attorney general's office is in the midst of a crusade of sorts built around encouraging app developers, and Internet services firms in general, to become compliant with state privacy laws on their own accord.
Last year, for instance, the office reached an agreement with a number of major tech companies, including Facebook and Google, to make the privacy policies for those companies' mobile apps available to consumers in the Apple App Store and Google Play Store before the download process rather than after. The idea is to encourage technology companies that have access to users' personal identifiable information such as geolocation and contact lists to better inform consumers how that information is used so consumers can make better decisions about using the app in the first place.
California has some of the strongest privacy laws in the country and is often seen as a bellwether for how other states nationwide will grapple with the ongoing issues surrounding consumer privacy and mobile apps. Striking the right balance between innovation and protecting users' privacy, therefore, is an issue high on Harris' agenda.
"I'm very excited about this work, but I'm also a career prosecutor," the state's top attorney said. Her comments were delivered to an audience of roughly 100 app developers and others working in the mobile market during a conference on the topic at the University of California's Hastings College of Law in San Francisco.
"We're here to encourage that innovation, and to work together to figure out how we can balance the litigation interests at play when we talk about the need for the consumer to have information, and the right that consumers should have to determine what they want to give up for what they get," she said.
"It's with great excitement, and also responsibility and purpose, to make sure we protect those rights that have to be protected," Harris added.
A major law at the center of the issue in California is the Online Privacy Protection Act, which requires operators of websites and online services, including mobile and social apps that collect personally identifiable information from Californians, to clearly post a privacy policy.
The state has already sued Delta Airlines for failing to comply with the law; that case is ongoing.
Although Harris sought to express excitement for technology at the conference, some attendees were not quite sure whether her remarks, as well similar comments made by the U.S. Federal Trade Commission, signaled that attorneys and regulators were more excited by their work or ready to fight back against it legally.
"I agree with you, but at the same time I'm terrified of you," said Jonathan Nelson, a developer with the group Hackers & Founders, during a panel discussion. Part of the issue, he said, is that developers don't have enough resources available to them to make sense of the legal landscape.
"I suspect there are a number of people who are scared that they could violate digital privacy laws inadvertently," Nelson said.