InfoLawGroup LLP

CalOPPA Getting Renewed Attention

On Friday, October 14, 2016, Attorney General Kamala D. Harris announced the launch of a new tool for consumers to report alleged violations of the California Online Privacy Protection Act (CalOPPA).  CalOPPA requires companies doing business in California (even if operating from outside of California) to post compliant privacy policies and abide by the promises in those policies.  The press release announcing the launch of the new tool mentions a specific focus on the “internet of things” as well as how companies are sharing information they collect about users.  The tool allows consumers to fill out an online form and submit it to the AG’s office. A new study from the Future of Privacy Forum is cited in the press release.  The study calls out that while a significant percentage of mobile apps now have privacy policies, health and fitness apps that collect sensitive PII are less likely to have privacy policies than others.  The study also found that apps are not properly disclosing their information sharing practices.  The AG (in coordination with research conducted by Carnegie Mellon University) is reviewing a number of apps in the Google Play store for legal compliance.

Of equal importance is the announcement that the Usable Privacy Policy Project (also out of Carnegie Mellon University) is developing a piece of technology that can look for discrepancies between disclosures in a privacy policy and an app’s actual data practices.

As a reminder, CalOPPA requires an operator that collects PII from California consumers to post a privacy policy that describes the categories of information collected, the types of third parties with whom the operator may share that information, instructions on how to review and request changes to a user’s information, and the effective date of the privacy policy. The law also requires privacy policies to include information on how the operator responds to Do Not Track signals and whether third parties can collect PII about users.

We should all expect new enforcement actions coming from the CA AG's Office in the near term.