A vast array of companies are actively entering the mobile application space as a means of gaining market share and solidifying guest relations. The trend is not limited to online service companies; firms as disparate as shopping centers, airlines, and travel agents rely on mobile applications to enhance their business. However, as mobile applications gain popularity, these companies must consider how privacy and security laws will impact how they can use those applications.
The California online privacy law
In 2004, California enacted the California Online Privacy Protection Act (“CalOPPA”). This law requires operators of websites and online services to “conspicuously post” privacy policies about the personal information that is collected, how the consumer can access or request changes to personal information, how the operator of the site will notify consumers of changes, and the effective date of the policy.
CalOPPA does not define an “online service” or mention “mobile” or “smartphone” applications, likely due to the fact that in 2004, smartphones and mobile applications were just being developed. However, the California Attorney General considers any service available over the internet or that connects to the internet, including mobile apps, to be an “online service.”
California Attorney General becomes active
National (and international) implications from this California development?
While California is the only jurisdiction to have applied its (9 year old) privacy law to mobile applications to date, California is widely regarded as a leader in consumer privacy, and many states look to California for guidance. If California did this by administrative interpretation, so could a lot of other states.
In any event, CalOPPA will have a broad reach, because it applies to:
“… [any] operator of a commercial website or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial website or online service….”
Thus, website or online service operators must comply with CalOPPA if they do business with any California consumers. With the size of California’s population and the importance of its market, the practical effect of CalOPPA will force an overwhelming number of online businesses (including mobile app developers) to comply with it.
Robert Braun is a member of the JMBM Data Security and Privacy Group, and counsels companies in the areas of information technology, data security and privacy, breach notification and remediation, software development and licensing, and electronic commerce transactions. Contact Bob at 310.785.5331 or RBraun@JMBM.com.