YOU ARE HERE: LAT HomeCollections

Facebook to require privacy policies for all apps in App Center

Facebook, in an agreement with California Atty. Gen. Kamala D. Harris, will require each app to have a written privacy policy that sheds light on what information the app collects and shares.

June 22, 2012|By Jessica Guynn, Los Angeles Times
  • Facebook's agreement on apps with California Atty. Gen. Kamala D. Harris, above, comes after a deal her office brokered in February with Apple, Google,, Microsoft, Research in Motion and Hewlett-Packard.
Facebook's agreement on apps with California Atty. Gen. Kamala D.… (Al Seib, Los Angeles Times )

SAN FRANCISCO — Facebook is signing on to an effort from California Atty. Gen. Kamala D. Harris to make app makers more accountable for how they handle consumers' personal information.

All apps in Facebook's new App Center are required to have a written privacy policy that sheds light on what information the app collects and shares, according to an agreement that Harris has reached with the giant social network.

With the explosion in the use of mobile devices, the state's top cop is looking to extend privacy protections that are commonplace on the Web to smartphones and tablets. With Facebook, Harris notched another win in her effort to get industry players to abide by voluntary guidelines.

Harris does not have the authority to write new rules for mobile apps. Instead, she's broadly interpreting a 2004 state law that requires "online services" that collect personal information from consumers to have privacy policies.

In February, her office brokered a deal with six of the largest companies running mobile app stores. Under the deal, Apple Inc., Google Inc., Inc., Microsoft Corp., Research in Motion Ltd. and Hewlett-Packard Co. agreed to give apps the ability to conspicuously post clear and complete information on how they collect, use and share consumer data.

Even though the mandate extends only to apps that collect personal information from Californians, Harris' efforts probably will have far-reaching consequences.

"If we can strengthen privacy protections here, we can benefit consumers around the world," Harris said. "App users should know what personal information is collected, how it is used, and with whom it is shared. If they know all of that, then they will have the tools and the ability to protect themselves."

Some of the app stores have begun to give app makers the option of adding a privacy policy. In March, Google gave developers the ability to display and promote their privacy policies. Next week Google plans to start showing users links to those privacy policies when they browse apps on Google Play.

Hewlett-Packard in May began giving app developers the option of including a hyperlink to their app's privacy policy. RIM said it was in the process of implementing "tools and procedures." Microsoft said it's working on "additional changes" the agreement requires. An Apple spokesman declined to comment. did not respond to a request for comment.

Facebook's App Center has gone one step further than the other app stores by mandating that apps offered through it have a privacy policy.

Facebook Chief Privacy Officer Erin Egan said the agreement with the California attorney general "embodied essential protections for Californians and others who use mobile apps."

"Ensuring consumer trust on mobile platforms is an essential value to us here at Facebook," Egan wrote in a letter to Harris.

With Facebook and the other app stores, Harris has sewn up "a huge chunk of the app universe," said online privacy expert Ryan Calo, an incoming law professor at the University of Washington. Harris can then use her authority to prosecute app makers that mislead California consumers about what they do with their personal information. The penalties could be stiff under California law: as much as $5,000 per download.

The effort in California mirrors a larger one from the Obama administration, which is bringing together businesses, consumer groups and regulators to develop national guidelines for the collection and use of consumers' personal information. The first in a series of meetings to hash out the guidelines for mobile apps takes place in Washington next month. App makers that agree to the guidelines would be bound to follow them or risk scrutiny from regulators.

Privacy and consumer advocates say that voluntary agreements are not a substitute for comprehensive digital privacy legislation that would give consumers greater insight into and control over what happens to their data. But all efforts to pass federal legislation have stalled.

Justin Brookman, director of consumer privacy at the Center for Democracy & Technology, said his organization supports efforts from California and the White House. But, he said, "at the end of the day, I don't think it goes far enough."

Consumers need protection on mobile devices at least as much as they do on the Web, Brookman said.

"More information is at stake," he said.

Smartphones are nearly always with their owners and are nearly always turned on, making them truly smart about the intimate details of consumers' lives. Sometimes the sensitive information to which apps have access surprises their owners. Apps often know an owner's name, contacts, browser history, current location — even the unique ID number tied to that device. Yet many mobile apps give consumers few details about how this information is being collected and used.

Los Angeles Times Articles