Regulatory Advisory: Five Things Mobile App Developers Need to Know About Privacy Policies – California Requires Mobile Applications to Disclose Privacy Practices in App Stores

February 28, 2012

Mobile applications that collect user information must conspicuously post a privacy policy. That is the message from last week’s agreement between the Attorney General of California and six leading operators of mobile app platforms, including Apple (App Store) and Google (Android Market). The platform providers,, Inc., Apple Inc., Google Inc., Hewlett-Packard Co., Microsoft Corp., and Research In Motion Ltd., agreed to work with the California Attorney General to ensure that all apps made available in their app stores comply with the California Online Privacy Protection Act. Any app that collects personal information about any California resident must comply with this law. In practice, therefore, all mobile apps must comply with the requirements below.

Five key requirements for a mobile app privacy policy

Mobile app platform providers will require apps that collect personal information from users to conspicuously post a privacy policy. The policy must provide clear and complete information about:

  • What personally identifiable data the app collects about its users;
  • The categories of third parties with whom the app shares that personally identifying information (e.g., advertisers, data brokers, etc.);
  • The process for users to review and request changes to the personally identifiable information the app collects about them;
  • The method by which the app notifies users of material changes to its privacy policy and practices; and
  • The effective date of the privacy policy.

Under California law, “personally identifiable data” includes a person’s name, address, telephone number, e-mail address, social security number, or any other data that can be used alone or in combination with other information to uniquely identify, contact, or locate an individual.

When submitting a new or updated app to the platform providers, mobile app developers must provide either a hyperlink to their privacy policy or the text of the policy. Users will be able to access the hyperlink or description from the app store so they can see what information the app will collect about them and how that information will be used or shared before downloading the app. In addition, the platform providers will create a process for users to report apps that do not comply, and for responding to such reports.

Penalties for noncompliance

App developers that fail to comply with these requirements could face prosecution under California’s Unfair Competition Law or False Advertising Law. They also could be removed from the platform provider’s app market.

*          *          *

For more information regarding mobile privacy policies or Wiltshire & Grannis’s privacy practice, please contact Madeleine Findley or Brita Strandberg at (202) 730-1346.

This client advisory is not intended to convey legal advice.  It is circulated to our clients as a convenience and is not intended to reflect or create an attorney-client relationship as to its subject matter. 



At HWG, we’re always looking for smart, talented people to add to our team.


  • 1919 M Street NW, Eighth Floor
    Washington, DC 20036-3537
  • 1033 Wade Ave, Suite 100
    Raleigh, NC 27605-1155