Report on NTIA Meeting on December 17, 2012

The issues surrounding mobile privacy have garnered heightened attention by the FTC, President Obama’s administration, the California AG and the class action bar over the past 10 months. There are currently some 77 class action lawsuits concerning mobile privacy right now (including 13 class actions that are MDL’d in Northern District of California). In February 2012, the CA AG Kamala Harris made it clear that all mobile apps that are accessible to California residents must contain privacy policy. In the CA Ag’s view, this edict basically covers all apps in Apple’s app store, Facebook, Google etc..) On Tuesday, October 30, the California AG issued a press release advising that the AG’s office was “formally notifying” mobile device application (“app”) operators that they are out of compliance with the notice provisions of the California Online Privacy Protection Act of 2003 (“CalOPPA”). It has been reported that over 100 companies are considered out of compliance. These companies— such as United Airlines, Delta Airlines and Open Table — were given 30 days to bring their apps into compliance or risk fines of up to $2,500 per app download. On December 6th, the California AG filed the enforcement lawsuit against Delta.

As the enforcement environment heightens, industry leaders have been working diligently with consumer groups to reach common ground regarding the best practices for compliance vis a vis priacy and mobile app disclosures. As reported in our Edwards Wildman client alert, in March 2012, President Obama called for the Department of Commerce National Telecommunications and Information Administration Committee (NTIA) to hold multi-stakeholder meetings to develop industry codes of conduct regarding privacy best practices. The President also encouraged the FTC to create a “safe harbor” for those companies that voluntarily adopt a code of conduct against future enforcement. The FTC has indicated that provided a company follows the industry code, this will beneficially impact the company in the event of future enforcement activities. We have said that clients should be part of this process and Edwards Wildman is participating to help ensure that industry perspectives (from companies to app developers to ad networks) are represented. The NTIA convened meetings starting July 2012 to address mobile privacy. The most recent meeting took place today on December 17, 2012. Edwards Wildman is covering these meetings and is part of the committee.

Over the past six months, the NTIA multi-stakeholder privacy app committee has developed a working draft of the types of disclosures that should be included as a “best practice” for apps. The December 17, 2012 draft document and draft short screen notices depicting how privacy disclosures should be made going forward will be further refined at the January 2013 meeting.

Take aways. Many companies rely on their vendors to help them develop mobile apps for marketing. Many of these mobile apps do not contain privacy notices at all. Even if they do, the privacy disclosures are subject to consumer complaints and class action activity because they fail to include short form disclosures regarding what information the app collects, shares and with whom. The short form notices are considered best practices and go above and beyond what is contained in the privacy policy