California AG Releases Mobile App Guidelines; Industry Responds
A coalition of seven advertising and marketing industry groups recently responded to the guidelines in a letter objecting because there was no public notice and comment period and neither the groups nor their members were consulted in preparing the guidelines. The letter summarizes the ad industry’s self-regulatory efforts to address mobile privacy and expresses concern that the guidelines “are unworkable,” “would lock in current business models,” and “thwart future innovation.” The letter also notes that the guidelines “are not grounded in any apparent legal authority, go well beyond existing requirements under California law, as well as Federal law.” Having industry consensus is certainly important, as demonstrated by the recent breakdown in negotiations over Do Not Track (which, notably, involved many of the same industry groups).
Summary of Guidelines
The guidelines suggest that a variety of stakeholders share responsibility for privacy outcomes. The following section distills a few of the key recommendations from the AG’s guidelines:
App Platform Providers. Privacy policies should be accessible before a user downloads and app, and the platform should be used to educate users about mobile privacy. Users should be able to report apps that are noncompliant with the law.
Operating System Developers. Security vulnerabilities should be timely patched, and developers should work with mobile carriers to this end. Global privacy settings and overrides should be developed to allow users to have control over the use of personally identifiable information and hardware features that apps can access.
Mobile Carriers. Mobile carriers should educate their users regarding privacy protection and encourage users to review privacy choices available for apps. Carriers should also work with operating system developers to facilitate the patching of security vulnerabilities.