In a move with widespread ramifications, California on Wednesday inked a deal with the six largest mobile Web providers to create the first real privacy policy standards for mobile apps.
Under the new agreements, Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion will be required to ensure that all mobile apps running on their platform that collect personal information have a privacy policy. The move comes just weeks after the fiasco involving social networking app Path, which was found to have been uploading address books from Apple iPhones to its servers without asking for user permission.
California Attorney General Kamala Harris explained that the agreements will act as an extension of the California Online Privacy Protection Act, which requires website operators to post a privacy policy if they collect a user's personal information. The Act was designed to include mobile app stores but has largely been ignored by developers.
In fact, one recent study found that only around five percent of all mobile apps offer a privacy policy. Moreover, many of those that do don't provide a user with the information until after the app is downloaded, making the policy fairly worthless.
Under the new clarification of the law, the burden of responsibility will fall both on the developer – who can be prosecuted under California's Unfair Competition Law and/or False Advertising Law if they don't comply – and platform makers, who agreed to create a consistent location for privacy policies, educate developers on their obligations and give users tools to report non-compliant apps.
"Your personal privacy should not be the cost of using mobile apps, but all too often it is," Harris noted in a statement. "This agreement strengthens the privacy protections of California consumers and of millions of people around the globe who use mobile apps," she continued. "By ensuring that mobile apps have privacy policies, we create more transparency and give mobile users more informed control over who accesses their personal information and how it is used."
The agreements only apply in California, but that shouldn't matter all that much. California is a major market for developers, and it is widely expected that most app makers will follow the protocol and make their privacy policies public – or author them for the first time.
Now, app makers will need to disclose whether they are pilfering your personal information. The interesting thing will be to see if that actually stops them from doing it, or if it simply forces them to admit to the crime.
Edited by
Rich Steeves
