Got a Website or App With No Privacy Policy? California Has a Fine For That.

May 22, 2013 | No Comments
Posted by Melissa V. Skrocki

If you have a website or a mobile app that is viewed or downloaded by a California resident or if your entity has ties to California, you must comply with the California Online Privacy Protection Act (the “Act”).  The Act requires that if you operate an online service that collects any identifiable information, the operator must conspicuously post the entity’s privacy policy.  The fine for not complying is $2,500.00 per violation (i.e. each download, use of a website by a California resident, etc.).

The California Attorney General recently lost their first significant case with regard to the Act.  The Attorney General had claimed that Delta failed to include a privacy policy in their mobile app.  If found guilty of violating the Act, Delta would have been fined $2,500.00 for each download of its app.  Assuming the Delta app has been downloaded 1.5 million times, Delta would have been on the hook for $37,500,000.00 in fines alone.  Delta was able to overcome the Attorney General’s claim and have the suit dismissed by relying on the Airline Deregulation Act.  The Airline Deregulation Act prevents states from regulating items such as service offerings pricing or routes of airlines.  Since the Delta app allowed users to book or modify their flight reservations, the court dismissed the Attorney General’s claim as the Act could not pre-empt the federal statue.

While California has lost its initial case because of the existing federal law, it is unclear if other entities will be so lucky.   As the law stands if your website or app is used by just one California resident, you need to comply with the Act.  Privacy policies are not terribly burdensome to prepare and well worth the effort given the potential liability.

Leave a Reply





*