This is a short overview of privacy policies on websites and in apps in the US. Most privacy-related rules are still found at the state level, with only a few based on federal law. California usually sets the pace in privacy law to protect its residents from data-hungry organizations. The most recent developments were the Attorney General’s application of CalOPPA (Section 22575 of the Business and Professions Code, which handles privacy disclosures at large) to mobile applications and CalOPPA’s amendment related to the Do Not Track process.
Usually the trigger for a privacy policy requirement is the collection or sharing of personal information such as names, emails, images or any other means of identifying a returning user (the way ad networks serve targeted advertising, for example). “Commercial” is an often-used trigger for privacy policies and is generally defined very broadly. The same is true for California.
The introduction to Do Not Track reads like this:
The term “online service” extends to mobile apps.
What do I care about California?
I’m glad you asked. If you’d like to reread the above quote, then you’ll find the answer:
Do Not Track
“Do Not Track” is information that a browser communicates to a website to indicate that the user does not want to be “tracked”.
What about federal laws?
There are federal laws as well. The most important one in our vertical is the Children’s Online Privacy Protection Act.
COPPA – Children’s Online Privacy Protection Act
COPPA was enacted by Congress in 1998 and required the Federal Trade Commission to issue and enforce regulations concerning children’s online privacy. The primary goal of COPPA is to protect children’s privacy online (and likewise in the mobile ecosystem). COPPA puts parents in control of what information is collected from their children and how it is used.
When do you as a web or mobile developer or operator/owner of these services fall under COPPA? And what does that fact mean for you?
The Rule applies to operators of commercial websites and online services directed to children under 13 that collect, use, or disclose personal information from children. It also applies to operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13.
Read a more thorough guide about COPPA and websites or mobile apps.
Other special requirements – HIPAA
There are other special laws that should not be forgotten, such as HIPAA, the Health Insurance Portability and Accountability Act. It’s mostly not relevant for our users, so please get in touch if you have any questions regarding it.
Our international approach
If there are any more questions, we are always happy to take them.