In case you didn’t know, mobile applications are a big deal. In 2012, smartphone users will download some 45 billion apps, nearly twice the amount downloaded last year. According to a study done by Gartner, an information technology research firm, the year 2016 will see a staggering 300 billion downloads (h/t Mashable). As the smartphone market grows, so does the mobile app market, and so will the problems associated with the growth of any new technology.
Privacy remains a central issue with all information technology, so it’s no surprise that app developers find themselves the target of similar complaints from consumer advocacy groups and policymakers. On October 30th, developers of nearly 100 apps were notified by California’s Attorney General, Kamala Harris, of deficiencies in their privacy policies. According to Harris, all of these apps fell short of the standard set by the state’s Online Privacy Protection Act (OPPA).
After Harris’s letter was sent out, Julie O’Neill and Matthew Galeotti of Morrison & Foerster reported on the story over on the firm’s blog, Socially Aware:
“In light of the Attorney General’s announcement and her continued focus on privacy, companies that collect personal information online from California residents—whether through a website, online service, or app—should take steps to ensure that they are in compliance. According to the Attorney General’s sample non-compliance letter attached to her press release, failure to comply could subject a company to a fine of up to $2,500 each time a non-compliant app is downloaded.”
That’s right, each download of a non-compliant app could cost $2,500. Even for developers with deep pockets, that could mean huge fines if their app operates outside the bounds of OPPA.
Showing how seriously Harris was taking this issue, just weeks before providing notice to developers, Harris tweeted at United Airlines (via Tanya Forsheit of InfoLawGroup):
“Fabulous app, @United Airlines, but where is your app’s #privacy policy?”
Harris’s interest in privacy issues and mobile apps, coupled with the growth of the mobile app market meant it was just a matter of time before the AG and a developer ended up in court.
A month after sending the letter, the California State Attorney General’s office filed a complaint against a different airline, Delta, over privacy violations. As Evan Nadel and Jake Romero reported on Mintz Levin‘s Privacy & Security Matters, in addition to any fines, Harris is also seeking an injunction against Delta from distributing the “Fly Delta” app:
“According to the complaint, the Fly Delta mobile application has been available since 2010 and has been downloaded millions of times. The Fly Delta app collects a broad array of personally identifiable information from its users, including, among other things, geo-location data, photographs, names, addresses, telephone numbers, email addresses, date of birth, credit card numbers and expiration dates, and frequent traveler account numbers. Although Delta’s main website does contain a privacy policy, that privacy policy is not accessible through the mobile application and does not include a full description of the information collected by Fly Delta. Attorney General Harris is seeking an injunction against Delta preventing it from distributing the Fly Delta app, as well as a penalty of $2,500 for each violation. For mobile app developers, “each violation” can mean $2,500 for each time the non-compliant application was downloaded.”
Andrew Hoffman noted on the InfoLawGroup’s blog that the complaint included some interesting language that could be interpreted multiple ways, depending on how companies and developers read it:
“Interestingly, the Complaint recognizes the possibility that a court could conclude that having a privacy policy posted on the company’s website may comply with CalOPPA – but the Complaint makes it clear that this is not the case with Delta. The Complaint includes allegations that although Delta has a privacy policy on its website, it does not mention the “Fly Delta” app at all and does not include information about what information is collected in the app specifically (as opposed to on the website) and how it is used.”
As California is leading the way on this issue, it’s makes sense that this isn’t the first time Attorney General Harris jumped into the mobile market in an attempt to regulate the use of personal information. Divonne Smoyer has more on the State AG’s previous attempts to “increase awareness among app developers”:
“This is not AG Harris’s first foray into mobile privacy. In February 2012, she entered into a Statement of Principles with the six largest mobile app platforms (including Apple, Google, and RIM); a seventh –Facebook– agreed to the Statement of Principles in June 2012 pursuant to which the app platforms agreed to increase awareness among app developers about their legal obligations with respect to consumer privacy, and promote more transparency in privacy practices. “
With the number of smartphone users growing by the second, and tablets becoming more prevalent, it stands to reason that issues of privacy in the mobile app market will be more pressing as downloads continue. The FTC just released a report on the privacy issues in apps designed for children. This comes just a few months after the Commission published a guide for mobile app developers when considering privacy concerns. The area of mobile privacy has grown to such a degree in the past year, that LXBN has a section dedicated to the discussion of mobile apps and the law, numbering 75 posts as of today. As with most technological innovations, the advances outstrip regulations, but lawmakers appear to be catching up.
To read more about California’s complaint against Delta’s mobile application “Fly Delta” check out all of LXBN’s coverage here.
Photo Credit: Spappy.joneS, Flickr