Facebook, Inc., operator of Facebook.com, recently became the latest large website operator to sign on to California’s agreement with major mobile application companies requiring mobile privacy policy notices for apps. Facebook’s act of signing on to the agreement extended the reach of the agreement into social networking.

All application developers should be aware of this policy adopted by Facebook as well as the need for privacy policies. Specifically, Facebook’s Platform Policies requires all application developers to “have a privacy policy that tells users what user data you are going to use and how you will use, display, share, or transfer that data” and for developers to include the privacy policy URL within the application. These requirements are in line with the California agreement and California law. Namely, California has a law requiring web site operators to post privacy policies that meet the following criteria: (1) lists the operator’s personal information collection, use, and sharing practices; (2) notifies users of the operators process for permitting users to review and request changes to personal information stored about them; (3) notifies users of the process by which the operator will notify users of any changes to its privacy policy; and (4) provides an effective date. Despite the presence of this law, and the Federal Trade Commission’s (FTC) support of privacy policies, both the California attorney general and the FTC discovered a widespread failure on the part of app developers to provide such privacy policies for their apps.

Earlier this year, in an effort to remedy this deficiency, the California attorney general struck an agreement with large mobile application providers, including Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion. In that agreement, the companies agreed to several privacy principles that would require app developers that provide applications through their platforms to post privacy policies in line with the California law requiring privacy policies. See our earlier alert here for additional information regarding these past developments.

Facebook is but one of a growing number of companies that is revisiting its focus on privacy. The FTC and the California Attorney General have been two large players encouraging such a focus. All app developers and website operators should be aware of the California law requiring privacy policies as well as the growing list of companies that have agreed to comply. Privacy policies are not only best practice, they are often required.