In 2003, California passed its Online Privacy Protection Act, which established guidelines for informing users about privacy policy information. In the decade since the law took effect, technology has changed significantly—and so have cyber liability standards. This week saw a startling case that highlights how increased legal crackdowns on the law could cost mobile app developers big money—even if those developers are not based in the Golden State.
Here’s what happened: California’s attorney general filed a lawsuit against Delta Airlines (headquartered in Georgia) regarding a mobile app it offers customers to track and manage their flights. Apparently, while the airline posts a privacy policy on its website, the AG didn’t think that information was readily enough available for users of the mobile app. If the charges stick, Delta could be on the hook for $2,500 per download, regardless of their current insurance coverage.
A Costly Danger for Mobile App Developers
In order for app developers to prepare for this and other potential legal actions, they must bring privacy policies into compliance with California’s guidelines by:
- Being “conspicuously” available to those who download the app.
- Outlining what type of information the app collects (e.g., photos, current location, etc.).
- Disclosing any third parties with whom collected data might be shared.
- Outlining the process by which users can review or request changes to their information.
- Explaining how users are informed about policy changes.
As of now, California’s AG is sending letters to some app developers who are not in compliance with these guidelines. The good news is that developers have 30 days to come into compliance before any fines are levied or legal action is taken.
For smaller businesses that offer apps, this should be a wake-up call: sources note that other states are starting to follow California’s lead by increasing enforcement of cyber security laws, meaning that hefty fines for failure to disclose privacy policies could become the norm.
On the Horizon: Crackdowns on Child-Targeted Apps
Another potential cash-sapper for mobile app developers? The Federal Trade Commission (FTC) has announced that it plans to crack down on privacy guidelines for apps targeted to children under 13. While 1998’s Children’s Online Privacy Protection Act guards kids against having their personal data collected online, changes in technology since the law passed mean that standards are murkier than they once were.
According to the FTC, however, only about 20 percent of kid-directed apps currently have adequate privacy disclosures. In the coming weeks, the agency plans to wrap up investigations of various app developers and update existing laws.
This is a move that could have a major impact on smaller companies and individuals who develop apps: in the last several years, the most growth in the app market has been from this segment.
Writtten by Brenna Lemieux - check her out at Google+ or Twitter