App innovation shouldn’t come at expense of consumer privacy

Privacy matters. Today, so much of our most sensitive information exists electronically, from our health and financial records to our most personal communications with friends and loved ones. The recent explosion of smartphones and tablets has increased our reliance on mobile devices for everything from shopping online and playing games to watching movies and seeing in the dark. 

By 2015, there will be 1 billion smartphones on the market. They will be used to download a staggering 25 billion apps. But as of today there are minimal restrictions on the kind of personal information that apps can collect and share. Some of the most popular mobile apps routinely collect and share users’ age, gender, usage habits and movements, often without user consent or knowledge. As an example, one app designed to help you find a cab has access to your name, email address, telephone number, the credit card you use to pay for the ride and your location for both pick-up and drop-off. With whom does the app share this information? How secure is this information from predators? Does the app also have access to your contacts or emails?

If you care about privacy, the answers to these questions matter. And privacy notifications and policies are the only way to get those answers. We know that of the top 30 mobile apps, 22 lack the most basic form of privacy protection: a privacy policy notifying users what information is collected and how it is shared. This is unacceptable. 

Under California law, privacy policies are required of any mobile app that collects a user’s personal information. Apps that collect personal information must post a privacy policy that states what information will be shared and with whom. Federal law has a similar requirement for mobile apps directed at children.

As California’s attorney general, I am deeply concerned about mobile privacy, especially because children and young people are the most active, and vulnerable, users of mobile devices. 

Last month, I reached an agreement with six leading mobile platforms — Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research in Motion — to strengthen privacy protections for millions of mobile app users in California and around the globe. By joining our agreement, these companies signaled their commitment to improve privacy protections and transparency in how apps collect and use personal information. I commend the industry leaders for taking this critical first step. Respecting privacy is not only the right thing to do, it is good business. Ninety-eight 

percent of consumers want more knowledge and control over the information collected and used by their mobile devices and apps, and nearly 90 percent of those users, if given the option, would restrict sharing their information with third parties. 

Our agreement also puts app developers on notice that they must follow California’s privacy laws. Apps that fail to publish a privacy policy, or that misrepresent their privacy practices, will be subject to penalties of up to $5,000 per violation. This penalty applies any time one of California’s 38 million residents downloads the app.

Privacy matters. And there is a role for everyone to play in the work of ensuring that California’s innovation and technology doesn’t come at the expense of consumer privacy. Every one of us with a mobile device needs to do our part, from small steps like creating strong passwords to rejecting apps that don’t explain their privacy practices. 

Moving forward, government also needs to grapple with the issue of mobile privacy — and in particular, how to effectively regulate technology that is rapidly evolving. We need our laws to keep up with changes in technology. 

As we jump headfirst into the digital age, we must reject the false choice between respecting privacy and fostering innovation. Commonsense privacy protections can accomplish both goals.

Harris is the attorney general of California.