California Warns Mobile Apps to Post Privacy Policies
or Face Up to $2,500 Fine per Download

November 6, 2012

Mobile app developers, take note: California Attorney General Kamala Harris has begun sending warning letters to approximately 100 mobile app developers, formally notifying them that their apps do not have privacy policies that comply with California law. Privacy protection has been a top priority for Attorney General Harris, and these warning letters are just the most recent example of her efforts.

The letters explain that the California Online Privacy Protection Act (CalOPPA) requires operators of commercial websites or online services (including mobile apps) that collect personally identifiable information about California consumers to post a privacy policy. The privacy policy must be "conspicuously" posted and "reasonably accessible" to consumers. The attorney general demanded that the mobile app developers respond within 30 days, describing their specific plans and time frame to comply with CalOPPA or explaining why they believe that their app is not covered by CalOPPA. She warned that violations may result in penalties of up to $2,500 per download of each app by California consumers.

This is not the first time that Attorney General Harris has signaled her concern over mobile apps' privacy policies. Last month she posted what may be the first attempt at privacy enforcement by tweet when she used Twitter to write to United Airlines, "Fabulous app, @United Airlines, but where is your app's #privacy policy?" In February 2012, she reached an agreement with six companies whose platforms comprise the majority of the mobile applications market: Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research In Motion. These companies agreed to a joint statement of privacy principles designed to ensure that mobile apps post privacy policies in compliance with CalOPPA. Facebook signed on to the joint statement in June 2012, thus adding the primary platform for social applications to the agreement.

The warning letters are yet another step toward positioning California as one of the most active enforcers of consumer privacy rights. In June 2012, Attorney General Harris announced the creation of a new Privacy and Enforcement Protection Unit (Privacy Unit) with the mission of protecting Californians' privacy rights through the civil prosecution of state and federal privacy laws. App developers that do not comply with CalOPPA risk becoming targets of the new Privacy Unit's first enforcement actions.

If you have received a warning letter from Attorney General Harris or have questions regarding your obligations under CalOPPA, please contact Tracy Shapiro at or (415) 947-2042; Lydia Parnes at or (202) 973-8801; Michael Rubin at or (650) 849-3311; or your regular Wilson Sonsini Goodrich & Rosati contact.