Facebook's agreement on apps with California Atty. Gen. Kamala D.… (Al Seib, Los Angeles Times )
SAN FRANCISCO — Facebook is signing on to an effort from California Atty. Gen. Kamala D. Harris to make app makers more accountable for how they handle consumers' personal information.
With the explosion in the use of mobile devices, the state's top cop is looking to extend privacy protections that are commonplace on the Web to smartphones and tablets. With Facebook, Harris notched another win in her effort to get industry players to abide by voluntary guidelines.
Harris does not have the authority to write new rules for mobile apps. Instead, she's broadly interpreting a 2004 state law that requires "online services" that collect personal information from consumers to have privacy policies.
In February, her office brokered a deal with six of the largest companies running mobile app stores. Under the deal, Apple Inc., Google Inc., Amazon.com Inc., Microsoft Corp., Research in Motion Ltd. and Hewlett-Packard Co. agreed to give apps the ability to conspicuously post clear and complete information on how they collect, use and share consumer data.
Even though the mandate extends only to apps that collect personal information from Californians, Harris' efforts probably will have far-reaching consequences.
"If we can strengthen privacy protections here, we can benefit consumers around the world," Harris said. "App users should know what personal information is collected, how it is used, and with whom it is shared. If they know all of that, then they will have the tools and the ability to protect themselves."
Facebook Chief Privacy Officer Erin Egan said the agreement with the California attorney general "embodied essential protections for Californians and others who use mobile apps."
"Ensuring consumer trust on mobile platforms is an essential value to us here at Facebook," Egan wrote in a letter to Harris.
With Facebook and the other app stores, Harris has sewn up "a huge chunk of the app universe," said online privacy expert Ryan Calo, an incoming law professor at the University of Washington. Harris can then use her authority to prosecute app makers that mislead California consumers about what they do with their personal information. The penalties could be stiff under California law: as much as $5,000 per download.
The effort in California mirrors a larger one from the Obama administration, which is bringing together businesses, consumer groups and regulators to develop national guidelines for the collection and use of consumers' personal information. The first in a series of meetings to hash out the guidelines for mobile apps takes place in Washington next month. App makers that agree to the guidelines would be bound to follow them or risk scrutiny from regulators.
Privacy and consumer advocates say that voluntary agreements are not a substitute for comprehensive digital privacy legislation that would give consumers greater insight into and control over what happens to their data. But all efforts to pass federal legislation have stalled.
Justin Brookman, director of consumer privacy at the Center for Democracy & Technology, said his organization supports efforts from California and the White House. But, he said, "at the end of the day, I don't think it goes far enough."
Consumers need protection on mobile devices at least as much as they do on the Web, Brookman said.
"More information is at stake," he said.
Smartphones are nearly always with their owners and are nearly always turned on, making them truly smart about the intimate details of consumers' lives. Sometimes the sensitive information to which apps have access surprises their owners. Apps often know an owner's name, contacts, browser history, current location — even the unique ID number tied to that device. Yet many mobile apps give consumers few details about how this information is being collected and used.