Atty. Gen. Kamala Harris issues mobile apps privacy guidelines

California Atty. Gen. Kamala Harris
(Bob Chamberlin / Los Angeles Times)

California’s top cop has issued guidelines on what steps software developers should take to protect the privacy of consumers on mobile devices.

Until recently, the data collection practices of mobile apps makers -- and the rest of the mobile ecosystem such as advertising networks and data brokers -- have been loosely regulated. But last year, California Atty. Gen. Kamala Harris began a campaign to extend privacy protections that are commonplace on the Web to smartphones and tablets.

The 22-page report could have ripple effects across the country as state and federal authorities wrestle with how to update existing privacy protections, which have failed to keep up with rapid advances in technology.


“What California does often ends up becoming the law of the land,” said Ryan Calo, assistant professor at the University of Washington School of Law.

By next year, more people around the world will access the Internet through mobile phones and tablets than through desktop computers. As users load up their devices with mobile apps, the privacy debate over what information can be collected and by whom will vault to the forefront of public discussion.

Harris does not have the authority to write new rules for mobile apps. Instead, she’s broadly interpreting a 2004 state law that requires “online services” that collect personal information from consumers to have privacy policies.

“In California, we have some of the strongest consumer protection laws in the country. While it is easy to conceive of innovation and regulation as mutually exclusive, California is proof that we can do both. We can innovate responsibly,” Harris said.

The effort in California mirrors a larger one from the Obama administration. The White House last year asked the National Telecommunications and Information Administration, a division of the Commerce Department, to gather industry and advocacy groups together in an effort to develop an online “Consumer Privacy Bill of Rights,” national guidelines for the collection and use of consumers’ personal information. But the effort has been bogged down by infighting.

Harris consulted app developers, app stores, advertising networks, mobile carriers, device manufacturers, operating system developers, security and privacy professionals and consumer groups in developing the recommendations in the report.


The report urges apps developers to build privacy into their mobile apps and to weigh carefully how much of people’s personal information they really need. Her office is pushing for apps to communicate in concise, simple and clear terms exactly what data they collect and why and with whom they share the data.

Some in the industry say apps developers should take these steps to maintain their users’ trust, a key asset in a competitive marketplace.

“California is taking what I consider to be a very reasonable approach, working with all the players in the ecosystem,” said Kevin Mahaffey, co-founder and chief technology officer of mobile security firm Lookout. “The recommendations are reasonable and spell out what app developers need to do.”


California sues Delta Air Lines over mobile app privacy

Facebook to require privacy policies for all apps in App Center


Atty. Gen. Kamala Harris puts mobile apps on notice about privacy