Mobile application businesses should consider reviewing their practices for compliance with federal and state privacy laws, including California’s Online Privacy Protection Act (“OPPA”).1 On Oct. 30, 2012, after several indications of an increased commitment to privacy protections for mobile users, California Attorney General Kamala D. Harris issued a press release confirming that the Privacy Enforcement and Protection Unit has begun to formally notify mobile app companies of noncompliance with OPPA.
The Attorney General’s latest press release, issued Oct. 30, 2012, confirms that the state has begun formally notifying mobile application companies of potential noncompliance with OPPA.4 According to the press release, the state will send letters to up to 100 apps perceived to be noncompliant, starting with the most popular apps available on mobile platforms. Attorney General Harris confirmed that “[p]rotecting the privacy of online consumers is a serious law enforcement matter. […] It is critical that we take all necessary steps to enforce California’s privacy laws.”
Attorney General Harris also released a sample letter directed to alleged noncompliant companies. This letter provides that within 30 days, the notified party must either respond with specific plans for compliance with OPPA, or explain why the notified party believes the app is not covered by OPPA. The letter also confirms the Attorney General’s intent to enforce OPPA through California’s Unfair Competition Law, which permits penalties of up to $2,500 per violation (and the Attorney General claims each copy of the alleged unlawful app downloaded by California consumers constitutes a violation).
The Attorney General referred to these letters as a “first step” toward enforcing OPPA, confirming the state’s plan to apply existing privacy law to new technologies such as mobile devices. Because OPPA and other privacy laws were enacted before mobile technology became widespread, it remains to be seen how enforcement by the state or private parties may proceed and how the courts will address defenses under OPPA. These issues and potential defenses are addressed in further detail in our recent article published in Law360.5
In light of these developments, those doing business in California should review privacy policies and practices to assess how these new developments might affect such businesses.
If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis lawyers:Gede-Tom
1 The Online Privacy Protection Act of 2003, Cal. Bus & Prof. Code § 22575 et. seq. (2004)
This article was originally published by Bingham McCutchen LLP.