The California Attorney General has reached an agreement with primary app platform providers—Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion. The agreement confirms that privacy policies are required for apps under the California Online Privacy Protection Act; which requires websites and online services that collect personal information to offer privacy policies.

Under the agreement, the following “principles” also apply:

  • Apps that collect personal data from a user must conspicuously post a privacy policy;
  • App developers will need to either provide a link to the app's privacy policy or include the text of the app's privacy policy when uploading it to an app marketplace;
  • App users must be able to notify app marketplaces when an app does not comply with its terms of service and/or laws;
  • App marketplaces must implement a process to respond to reported instances of non-compliance; and
  • The California AG and app platform providers will continue to work together to develop best practices for mobile privacy and a model mobile privacy policy.

In addition to non-compliance sanctions for a lack of a privacy policy; under California law, failure to follow stated privacy policies is actionable under the state’s unfair competition/false advertising law.