California Attorney General Kamala Harris recently announced an agreement between California and the six largest producers of cell phone applications (apps), namely, Amazon, Google, Apple, HP, Microsoft, and RIM, intended to bolster the privacy of California purchasers of cell phone apps.The agreement was pursued by the AG’s office to ensure compliance with California’s Online Privacy Protection Act, which requires online service providers that collect the personal information of California citizens to “conspicuously” post their privacy policies.
There is no single law that defines “personally-identifiable information” or specifies what information must remain private on a nationwide basis. Rather, U.S. privacy laws consist of a patchwork of state-by-state prohibitions, sector-specific laws, and federal regulations. The Gramm-Leach-Bliley Act, for example, establishes the guidelines for the collection of financial data, pin numbers, and similar information, in conjunction with regulations established by the Federal Reserve Board. Violations of these policies are enforced by the Federal Trade Commission.
The protection of personal information, however, is left to each state. California’s privacy laws, one of the strongest nationwide, define personally-identifiable information as information that can be used to identify an individual, such as names, addresses, telephone numbers, email addresses, social security number, or other personal details.
Consider the example of digital music service-provider Spotify (www.spotify.com). Spotify requires prospective users to waive their right to bring a class action, agree that only the laws of New York will apply to disputes with Spotify, and give Spotify automatic access to the user’s information, including the searches made, date/time of the request, performance statistics of the user’s computer and network, and details of the user’s computer, operating system, application version, browser type, and language. Spotify also tells users that their personal information “including gender and age and postal address” will be shared with anyone who merges with or buys Spotify.” Users have no choice but to agree, if they want the app. The agreement, though a positive development for California consumers, is only the first step.
The AG’s office has asked the six app manufacturers to continue working with its office to develop best practices for mobile privacy and mobile privacy policies. In six months, they are scheduled to re-convene with the AG to assess the progress that has been made.