Ever on the forefront of consumer privacy protection, California
is again making news in the privacy world with the California
Attorney General's recent publication of "Privacy on the Go: Recommendations for the Mobile
Ecosystem," which includes privacy recommendations for app
developers, app platform providers, mobile ad networks, makers of
operating systems and mobile carriers. With this publication,
California joins the FTC and the GSMA as entities that have
published non-binding guidance with respect to mobile privacy
(which we blogged about
In the publication, the Attorney General notes that these
recommendations often ". . . offer greater protection than
afforded by existing law, [and] are intended to encourage all
players in the mobile marketplace to consider privacy implications
at the outset of the design process." The report
outlines the following specific recommendations:
For App Developers:
Start with a data checklist to review the personally
identifiable data your app could collect and use it to make
decisions on your privacy practices.
Be transparent with respect to your privacy practices.
Avoid or limit collecting or retaining personally identifiable
data not needed for your app's basic functionality.
Give users access to personally identifiable data the app
collects and retains about them.
Use security safeguards.
Be accountable for compliance with applicable laws.
conspicuously accessible to users and potential
Use enhanced measures – "special notices" or
the combination of a short privacy statement and privacy controls
– to draw users' attention to data practices that maybe
unexpected and to enable them to make meaningful choices.
Make app privacy policies accessible from the app platform so
that they may be reviewed before a user downloads an app.
Use the platform to educate users on mobile privacy.
For Mobile Ad Networks:
Avoid using out-of-app ads that are delivered by modifying
browser settings or placing icons on the mobile desktop.
will enable the delivery of targeted ads through your network.
Move away from the use of unchangeable device-specific
identifiers and transition to app-specific or temporary device
For Operating System Developers:
Develop global privacy settings that allow users to control the
data and device features accessible to apps.
For Mobile Carriers:
Leverage your ongoing relationship with mobile customers to
educate them on mobile privacy and particularly on children's
While the California Attorney General acknowledges that the
recommendations are just that – recommendations – it is
clear that as "smart phones" become ubiquitous, more
federal and state regulation will impact, in one way or another,
all participants in the mobile ecosystem.
On July 23, 2014, the Massachusetts Attorney General announced a consent judgment with an out-of-state Rhode Island hospital, Women & Infants Hospital of Rhode Island ("WIH" or the "Hospital"), resolving a lawsuit against WIH for violations of federal and state information security and privacy laws involving the loss of over 12,000 Massachusetts residents’ sensitive patient health records
One of the world’s most consumer protective spam laws recently went into effect in Canada on July 1, 2014, and many companies operating outside of Canada are learning that the law also impacts them because of how broadly it is drafted.