Privacy, Cali puts mobile app developers on notice

The California Attorney General, Rob Bonta, has warned mobile app developers to comply with the state's privacy laws and consumer opt-out requests or face serious consequences. Bonta has a record of enforcement actions against companies that breach the California Consumer Privacy Act (CCPA) and recently sent letters to businesses with mobile apps that ignore opt-out requests or sell user data. The latest "investigative sweep" focuses on retail, travel, and food service apps and also targets companies that have not processed consumer requests submitted by authorized agents. Last year's sweep resulted in a $1.2 million fine against retailer Sephora and showed that Bonta is willing to take a broad interpretation of "sale" of consumer data and pursue aggressive prosecution. Bonta now has the California Privacy Rights Act (CPRA), which mandates companies not to "share" personal information with third parties, as an additional tool for enforcement. The state has created its own online tool for consumers to report possible CCPA violations. Analysts expect to see some fines related to CCPA compliance, as the law is relatively new and companies will have a chance to bring their apps in line before facing a fine. The CCPA enforcement actions set a positive example for other states and for federal enforcement agencies. Some companies may end up extending CCPA privacy protections to all of their customers. However, the patchwork of privacy legislation across the US creates a compliance headache for app developers. The US need a federal standard that can actually protect the consumers without government surveillance overreach.