California Attorney General Kamala Harris has issued privacy guidelines for mobile apps. In a statement introducing the guidelines, Ms. Harris writes:
The mobile app industry is growing fast, but it is still in the early stages of development, with practitioners who are not all alert to privacy implications and how to address them. To help educate the industry and promote privacy best practices, the Attorney General’s Privacy Enforcement and Protection Unit has prepared Privacy on the Go: Recommendations for the Mobile Ecosystem. The recommendations, which in many places offer greater protection than afforded by existing law, are intended to encourage app developers and other players in the mobile sphere to consider privacy at the outset of the design process.
Highlights of Recommendations
For App Developers
• Start with a data checklist to review the personally indentifiable data your app could collect and use it to make decisions on your privacy practices.
• Avoid or limit collecting personally identifiable data not needed for your app’s basic functionality.
• Use enhanced measures – “special notices” or the combination of a short privacy statement and privacy controls – to draw users’ attention to data practices that may be unexpected and to enable them to make meaningful choices.
For App Platform Providers
• Make app privacy policies accessible from the app platform so that they may be reviewed before a user downloads an app.
• Use the platform to educate users on mobile privacy.
For Mobile Ad Networks
• Avoid using out-of-app ads that are delivered by modifying browser settings or placing icons on the mobile desktop.
• Move away from the use of interchangeable device-specific identifiers and transition to app-specific or temporary device identifiers.
For Operating System Developers
• Develop global privacy settings that allow users to control the data and device features accessible to apps.
For Mobile Carriers
• Leverage your ongoing relationship with mobile customers to educate them on mobile privacy and particularly on children’s privacy
You can access the full guidelines in Privacy on the Go here.