California’s attorney general released a set of privacy recommendations for app developers in the state Thursday, with guidelines for development and for disclosure policies.
The state’s recommendations come as developers and regulators at the National Telecommunications and Information Administration deliberate over best practices for app developers to ensure user privacy on a national scale.
In an introductory message, Attorney General Kamala Harris said her office wished to address the unexpected issues that emerge as developers expand app capabilities to “allow us to do everything from streaming movies to hailing a cab to viewing our own X-ray and ultrasound images.
“Along with the many wonderful capabilities these apps offer, we remain mindful that the mobile environment also poses uncharted privacy challenges,” Harris said “These are challenges that we must confront and that we must resolve in a way that appropriately protects privacy while not unduly stifling innovation.”
The document makes recommendations along two basic tracks: privacy issues to consider during development and recommendations for disclosing privacy practices.
During the design process, the document suggests, developers should create a checklist of information to collect and then flag any possible privacy issues. It also recommends that developers no collect any unnecessary personal data.
Disclosure policies should be written clearly, the document said, and highlight highlight data practices with tools such as pop-up alerts or other notifications to draw users’ attention. The document did favor specific formats — such as icons — for policies or notifications.
The report also recommended ways that app platform providers, ad networks, mobile operating system developers and mobile carriers can improve privacy notification and collection. For example, the report urges platform providers such as Apple, Google and Amazon, to make sure users can access app privacy policies before they download an app.
The recommendations are the result of numerous conversations with developers, privacy advocates, security professionals, advertisers and app platform providers.
Harris has made app privacy a priority in recent months. In November, she sent several letters to companies who did not comply with a state law requiring all apps to disclose what personal information they collect within the app.
Harris ultimately filed a lawsuit against Delta for failing to post a policy within a specified period in violation of the state’s online privacy law; Delta has since added a policy to its mobile application.