On Friday, October 14, 2016, Attorney General Kamala D. Harris announced the launch of a new tool for consumers to report alleged violations of the California Online Privacy Protection Act (CalOPPA). CalOPPA requires companies doing business in California (even if operating from outside of California) to post compliant privacy policies and abide by the promises in those policies. The press release announcing the launch of the new tool mentions a specific focus on the “internet of things” as well as how companies are sharing information they collect about users. The tool allows consumers to fill out an online form and submit it to the AG’s office.
A new study from the Future of Privacy Forum is cited in the press release. The study calls out that while a significant percentage of mobile apps now have privacy policies, health and fitness apps that collect sensitive PII are less likely to have privacy policies than others. The study also found that apps are not properly disclosing their information sharing practices. The AG (in coordination with research conducted by Carnegie Mellon University) is reviewing a number of apps in the Google Play store for legal compliance.
We should all expect new enforcement actions coming from the CA AG’s Office in the near term.