California AG Gives App Developers 30 Days To Post Privacy Notice 108
Trailrunner7 writes "California Attorney General Kamala D. Harris today announced a crackdown on mobile application developers and companies that haven't posted privacy policies, at least where users can easily find them. The attorney general is giving recipients 30 days 'to conspicuously post a privacy policy within their app that informs users of what personally identifiable information about them is being collected and what will be done with that private information,' according to a prepared statement. A sample letter defines the issue at hand. 'An operator of a mobile application ("app") that uses the Internet to collect PII is an "online service" within the meaning of CalOPPA. An app's commercial operator must therefore conspicuously post its privacy policy in a means that is reasonably accessible to the consumer. Having a Web site with the applicable privacy policy conspicuously posted may be adequate, but only if a link to that Web site is "reasonably accessible" to the user within the app.'"
It has to be within the app? (Score:5, Informative)
The article contradicts itself. Early in the article, it states that the policy has to be within the app, then later on, it says it has to be in the App Store. There's a huge difference between the two in what it means for app publishers.
Re:Open source privacy policy (Score:5, Informative)
Because the real intention here is to put small independent developers with their 'disruptive' technology who can't afford a gaggle of lawyers out of business.
Bullshit. It's not a conspiracy. This is an issue everyone in the 80s running single-line BBSes had to deal with. The ECPA became law 24 years ago. The California AG's message should not surprise you.
Copy someone else's privacy policy. It's what lawyers do anyway. You think they actually work at this stuff? It's all boilerplate.
You can say "we do not collect any user data" and make sure your program doesn't phone home or disclaim all privacy whatsoever. and hope nobody actually reads your privacy policy. Copy Facebook's privacy policy if you want to be evil. They bury the "we own everything you post" in language that you and I can understand but not 90 percent of users.
And at the end of it, say "we reserve the right to change this policy in the future." to further cover your ass.
It's not hard if you're honest and up front. It's only hard if you want to deceive users. That's where the tricky language comes in.
--
BMO
Re:Mobile (Score:4, Informative)
Why treat mobile apps as a special case? All software applications, client-side or web based should be treated the same way.
They aren't treated as special cases. The rules apply to any online applications, which includes pretty much all mobile apps. It's just that mobile app makers have been very poor at following the rules, likely because so many of them are small fly-by-night companies that don't have a legal department telling them what they are supposed to be doing. So 100 companies get notices that they need to have privacy policies posted, it gets splashed all over the news, and hopefully this will wake the others up to the fact that they need to be doing this just like the big boys.