Response Magazine Site Response Expo Site Direct Response Market Alliance Site Job Board


   Log in

What Advertisers Need to Know About App Privacy

5 Feb, 2013 By: Arthur Yoon, Jeffrey Richter

As consumers load up their smartphones and tablets with mobile applications (apps) that permit them to purchase goods and services directly from online advertisers, there are growing concerns about the amount of personal data that is obtained and shared by advertisers who gather consumers’ personal data and then use it to deliver highly personalized services and advertising messages. California Attorney General Kamala Harris has engaged in a high-profile campaign to encourage advertisers to comply with California’s Online Privacy Protection Act that requires online businesses to develop privacy policies and display them. In California, a potential consumer generally should be informed of what personally identifiable information an advertiser collects about them, how an advertiser uses that information, or to whom that information is shared, disclosed or sold.

Attorney General Harris established the Privacy Enforcement and Protection Unit to enforce federal and state privacy laws regulating the collection, retention, disclosure and destruction of private or sensitive information by individuals and organizations. Building on her efforts to improve privacy for consumers, she recently released a report that provides guidelines to extend privacy protections that are commonplace on the Web to smartphones and tablets. The report, “Privacy on the Go: Recommendations for the Mobile Ecosystem” serves as a framework for advertisers that develop apps to implement mobile-friendly privacy policies and practices that will improve consumer privacy. The report urges developers to build greater privacy protections into their applications than are currently required by law. Her office is pushing for advertisers to communicate in concise, simple and clear terms exactly what data they collect and why and with whom they share the data.

The report recommends that advertisers consider measures that go beyond the state’s legal requirement for online services to display a basic privacy policy that is conspicuously accessible to potential users. The report suggests advertisers consider privacy issues from the start of the app development process by thinking about how much data they need and how they will use it. The report provides a number of steps that app developers can take, including: avoid or limit collecting personally identifiable data not needed for an app’s basic functionality; use encryption to send and store personally identifiable information; to accommodate the smaller screens of mobile devices, use special notifications, such as icons or pop-up notifications, to inform consumers about how personally identifiable information is being collected and shared; and appoint a privacy officer to review privacy policies when apps are updated.

Consumers generally expect a high level of privacy when it comes to the data that they interact with on their mobile devices. Given the California Attorney General’s focus on consumer privacy protections, advertisers that collect personally identifiable information from consumers in California should consider the report’s recommendations and best practices when developing and distributing mobile applications. By doing so, an advertiser can reduce the risk of becoming a target of an enforcement action with respect to privacy laws and concerns. At the same time, despite the California origin of the report, advertisers in other jurisdictions might benefit from voluntary adoption of these prophylactic and forward-looking guidelines.

Jeffrey Richter and Arthur Yoon are partners at Los Angeles-based Finestone & Richter. They can be reached at (310) 575-0800, or at and

Add Comment