A vast array of companies are actively entering the mobile application space as a means of gaining market share and solidifying guest relations. The trend is not limited to online service companies; firms as disparate as shopping centers, airlines, and travel agents rely on mobile applications to enhance their business. However, as mobile applications gain popularity, these companies must consider how privacy and security laws will impact how they can use those applications.
The California online privacy law
In 2004, California enacted the California Online Privacy Protection Act (“CalOPPA”). This law requires operators of websites and online services to “conspicuously post” privacy policies about the personal information that is collected, how the consumer can access or request changes to personal information, how the operator of the site will notify consumers of changes, and the effective date of the policy.
CalOPPA does not define an “online service” or mention “mobile” or “smartphone” applications, likely due to the fact that in 2004, smartphones and mobile applications were just being developed. However, the California Attorney General considers any service available over the internet or that connects to the internet, including mobile apps, to be an “online service.”
California Attorney General becomes active
National (and international) implications from this California development?
While California is the only jurisdiction to have applied its (9 year old) privacy law to mobile applications to date, California is widely regarded as a leader in consumer privacy, and many states look to California for guidance. If California did this by administrative interpretation, so could a lot of other states.
In any event, CalOPPA will have a broad reach, because it applies to:
“… [any] operator of a commercial website or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial website or online service….”
Thus, website or online service operators must comply with CalOPPA if they do business with any California consumers. With the size of California’s population and the importance of its market, the practical effect of CalOPPA will force an overwhelming number of online businesses (including mobile app developers) to comply with it.
Robert E. Braun is the co-chair of the Cybersecurity and Privacy Law Group at Jeffer Mangels Butler & Mitchell LLP. Bob helps clients to develop and implement privacy and information security policies, negotiate agreements for technologies and data management services, and comply with legal and regulatory requirements. He helps clients to develop and implement data breach response plans, and he and his team respond quickly to clients’ needs when a data breach occurs. Contact Bob at RBraun@jmbm.com or +1 310.785.5331.