California AG Kamala Harris Releases Privacy Guidelines for Mobile Apps

Jameson Dempsey co-authored this blog post.

Hot on the heels of its recent lawsuit against Delta Airlines for alleged violations of the California Online Privacy Protection Act (“CalOPPA”), today the California Attorney General’s Privacy Enforcement and Protection Unit released its highly anticipated mobile privacy report, Privacy on the Go: Recommendations for the Mobile Ecosystem. The report, developed in collaboration with a wide array of industry stakeholders, provides a series of specific recommendations designed to promote ​“surprise minimization” for users of mobile applications.

The bulk of Privacy on the Go focuses on well-established themes of user control, transparency, and data minimization, covered in detail here on our sister blog. Of particular relevance to regular readers of Telecom Law Monitor, the report encourages active participation from mobile carriers through subscriber education, data security practices, and standard-setting efforts. Specifically, the Attorney General recommends that carriers:

• Leverage relationships with mobile customers to educate them on privacy protections, including mobile safety for children
  
• Work with operating system (“OS”) developers and other appropriate parties to facilitate timely patching of security vulnerabilities
  
• Work with OS developers and device manufacturers to set cross-platform standards for privacy controls, means of enabling the delivery of special privacy notices, and privacy icons

These recommendations represent yet another step in the ongoing efforts among state and federal regulators to address online privacy on an ​“ecosystem-wide” scale. Indeed, although mobile carriers are not the primary target of the California AG’s recommendations, the report squares with similar proceedings at the Federal Communications Commission (“FCC”) that have potentially significant consequences for wireless providers. For example, as this blog reported last summer, the FCC recently sought to refresh its customer proprietary network information (“CPNI”) docket, and has taken a similarly keen interest in location-based services. As such, mobile carriers should remain mindful that federal and state regulators are keeping all mobile players in mind as they push toward greater privacy protections for consumers.