Like other software application platforms before it, Facebook has signed on to a deal with California requiring its mobile software application developers to provide users with conspicuous links to posted privacy policies if their software applications gather personal data from users. California Attorney General Kamala Harris recently announced the agreement, which was originally secured in February 2012 with other large technology companies. The agreement also requires signatories to provide users with an easy mechanism for reporting developers who do not post privacy policies or who are in violation of posted privacy policies. 

As noted previously, Harris reportedly takes the position that mobile software application developers are bound by California’s 2004 Online Privacy Protection Act, which requires the posting of privacy policies by companies that collect personally identifiable information, such as names, phone numbers, email addresses or similar data from California residents. 

It appears that the federal government may be following California’s lead in the area of mobile software consumer privacy, as news of Facebook joining this agreement comes at around the same time as the Commerce Department’s announcement that it will begin holding meetings in July aiming "to develop a code of conduct to provide transparency in how companies providing applications and interactive services for mobile devices handle personal data," according to the National Telecommunications & Information Administration.  

WHAT DOES THIS MEAN TO YOU? If your company provides mobile software applications, we suggest that you consider the following steps:  

  1. Develop a privacy policy that provides clear and complete information concerning how personal data is collected from the mobile application, how that information is used and with whom it is shared.  
  2. Contact the resellers of your mobile application and find out what mechanisms they have to help you comply with this new law.  Resellers of mobile software applications likely will have an easy-to-use procedure to allow you to post a privacy policy for your mobile application. If possible, consider having users click “I agree” to show affirmative consent.  
  3. Maintain a link to this privacy policy on your primary web site.   
  4. Note that a mobile software application privacy policy likely differs from a website privacy policy, so in developing respective privacy policies, make sure to account for any specific technologies used and information gathered by each mobile software application. 
  5. Reconsider what notice you will provide users of changes to your privacy policy and terms of use. For many years it was common for U.S. businesses to reserve the right to change a privacy policy and/or terms of use at their discretion without notice. Accordingly, the standard language in most terms of use and privacy policies put the responsibility on the user to check the terms of use “frequently” to confirm that the policy had not changed. The trend at this point is away from this practice, certainly with respect to retroactive changes. Many companies are now asking their users to routinely click that they have read and agree to the changes in their terms of use and privacy policy.