The state attorneys general, led by Maryland Attorney General Doug F. Gansler, are gearing up for a year focused on privacy and the Internet. On June 21, AG Gansler was installed as the 2012-13 president of the National Association of Attorneys General (NAAG). As the NAAG President, AG Gansler announced that he will spearhead a national initiative examining privacy and the Internet, the Presidential Initiative for the coming year. To kick-start that initiative, “Privacy in a Digital Age,” privacy panel discussions during the NAAG summer meeting focused on privacy in online gaming and the theft of children’s Social Security numbers. Although it is impossible to predict what specific topics the attorneys general will focus on as part of the Presidential Initiative, educated guesses can be made by reviewing recent attorney general privacy and data security actions, as well as looking at what is on the radar for federal regulators. Our predictions for the top three issues: (1) children, (2) mobile, and (3) privacy policies.
New Jersey Attorney General Jeffrey S. Chiesa set the stage for AG enforcement action against mobile application (app) developers with his lawsuit against app developer 24 x 7 Digital, LLC. On June 4, New Jersey sued 24 x 7 for collecting and transmitting the names and unique device identifiers (UDIDs) from children without parental consent in violation of the Children’s Online Privacy Protection Act (COPPA). Although most state AGs have not been particularly active in COPPA enforcement, this case is an important reminder that they have that authority, and may be flexing their muscle in this area in the months to come.
California Attorney General Kamala D. Harris also recently took a closer look at the fact that many mobile app developers do not disclose their data collection practices to app users, and entered into agreements with six leading mobile app platform providers to require developers to create, implement and maintain privacy policies. We wrote about that agreement here. Facebook has also just signed a similar agreement with AG Harris for its new App Center. Thirty-seven state attorneys general, led by AG Gansler and AG Rob McKenna of Washington, sent a letter to Google in February of this year outlining their concerns with Google’s changing privacy policy. The attorneys general have long argued that companies should mean what they say in their privacy policies, and should not make unilateral changes that harm consumers. As the 2012-13 Presidential Initiative gets underway, it is a safe bet the attorneys general will continue to scrutinize disclosures made in privacy policies, especially in those related to products and services available in the mobile space.
It is not a surprise that these areas should be receiving special attention by the states, as mobile apps, children’s issues and disclosures in privacy policies have been front and center for federal agencies looking at privacy issues. We have discussed the Federal Trade Commission’s most recent reports on privacy here and the Department of Commerce’s report here. One recommendation from Commerce’s report – the convening of stakeholder meetings to develop privacy codes of conduct – is already being implemented. Stakeholders interested in the transparency of data collection by mobile applications will converge on Washington, D.C. July 12 to discuss the topic at length. The National Telecommunications and Information Administration’s (NTIA) blog announcing that mobile will be the first topic is available here. FTC Commissioner Julie Brill also reiterated the FTC’s top three privacy issues – data brokers, mobile, and privacy policies for social networks – at the annual privacy and data security Practising Law Institute conference in New York.