Facebook has agreed to require developers to post links to privacy policies if their apps collect personal data from users, California Attorney General Kamala Harris announced today.
The
social networking service signed on to a deal that Harris forged in February with six other companies: Google, Apple, Research in Motion, Microsoft, Hewlett-Packard and Amazon. That agreement also
requires the companies to offer users an easy way to report developers who violate their privacy policies.
Harris takes the position that mobile app developers are required to follow
California's Online Privacy Protection Act, a 2004 law requiring online companies to post privacy policies if they collect "personally identifiable information" from state residents. Personally
identifiable data includes names, phone numbers, email addresses, or other data that can be used to contact or locate people.
The news comes at a time of increasing interest in mobile privacy.
Last week, the Department of Commerce said it intends to convene a broad array of
companies and advocates next month to discuss privacy guidelines for mobile apps.
Of course, even if app developers offer privacy policies, that doesn't mean people will read them. For one
thing, privacy policies are often lengthy and hard to decipher. For another, many people aren't going to interrupt an installation process to scroll through a legal document.
Still, a formal
policy can provide some protection to consumers. That's because companies who renege on promises in privacy policies can be charged by the Federal Trade Commission with engaging in deceptive
practices.
The FTC appears increasingly interested in pursuing such cases. Consider, last year the agency brought an enforcement action against Google for allegedly violating its privacy policy with the launch of Buzz --
which created social networks from people's email contacts. And earlier this year, the FTC settled a case with MySpace for allegedly violating its privacy policy by leaking users' names to
advertisers.