It looks like California Attorney General Kamala Harris means business when it comes to protecting consumers' online privacy. She has started to warn scores of companies that their mobile applications or "apps" violate California privacy law and could face fines of up to $2,500 each time one is downloaded.
Her action has nationwide impact, because as companies come into compliance with California law, consumers across the country will benefit.
Here's what's happened. Applications for mobile devices like smartphones and tablets are booming. You can download them from a number of platforms including Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft, and Research in Motion. Sometimes they're free, sometimes you pay.
In February, Harris announced an agreement with the apps platforms that allows consumers the opportunity to review an app’s privacy policy before they download the app rather than after, and offers consumers a consistent location for an app’s privacy policy on the application-download screen in the platform store. Even so, some apps don't have privacy policies.
In addition, a lot of apps are available directly from companies. For instance, I just got a Honda Fit EV and downloaded an app directly from Honda's website that allows me to interact with my electric car.
So now that Harris has the deal with the platforms, she's reminding companies of their obligation under California Online Privacy Protection Act.
"Protecting the privacy of online consumers is a serious law enforcement matter," said Attorney General Kamala D. Harris. "We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California’s privacy laws."
She says that warning letters will be sent to 100 companies and they will get 30 days to fix the problem. I bet they do; $2,500 per violation concentrates the mind.
This is significant step forward. It requires apps developers to explain how data is used, but it still doesn't give a consumer adequate control over what's gathered. That's the next step: a meaningful Do Not Track mechanism for mobile devices