California attorney general cracks down on Delta, United and others for mobile privacy policies

Oct. 31 (Bloomberg) — United Continental Holdings Inc., Delta Air Lines Inc. and OpenTable Inc. are among companies in violation of a California protocol governing mobile applications for failing to conspicuously post their privacy policies, a person familiar with the matter said.

Companies using as many as 100 mobile apps were told in letters sent Oct. 29 by California Attorney General Kamala Harris that they have 30 days to make their privacy policies readily accessible to consumers of their online services, said the person, who declined to be identified because the matter isn’t public. In a statement yesterday, Harris didn’t include the names of the companies her office has contacted.

“Protecting the privacy of online consumers is a serious law enforcement matter,” Harris said in an e-mailed statement. “We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California’s privacy laws.”

Harris said in February when she announced a privacy protocol that she’s trying to bring the industry in line with a California law requiring mobile apps that collect personal information to have a privacy policy. Her actions indicate concerns over Internet privacy are extending to applications, the downloadable programs that companies in growing numbers are using to communicate with customers and market their wares to users of mobile devices.

‘Ensure Compliance’

United is “taking all steps necessary and appropriate to ensure compliance with California law as it relates to our mobile app,” United spokeswoman Mary Clark said in an e-mail.

Chris Kelly, a spokeswoman for Atlanta-based Delta, said in an e-mail that the company will to provide the information Harris requested.

California is the only state to require privacy policies for mobile applications as well as websites, Chris Conley, a technology lawyer at the American Civil Liberties Union in San Francisco, said in a phone interview. Consumers are becoming more aware of which apps collect personal information, he said.

“As people become more concerned about how much information is on a smartphone — about their location, about their contacts, about their shopping — I think people will pay more attention to applications’ policies in terms of what they collect, how they use it, what they retain and how they share this data,” Conley said.

Smartphone Users

Companies that program platforms for mobile applications, including Apple Inc., Google Inc., Facebook Inc., Microsoft Corp., Amazon.com Inc., Hewlett-Packard Co. and Research In Motion Ltd., joined an agreement with Harris to encourage compliance with the California Online Privacy Protection Act. The agreement allows users of smartphones, tablets and other mobile devices to review an app’s privacy policy before they download the app, according to Harris.

Companies face penalties of as much as $2,500 for each download of an application violating the law, according to a copy of the letter Harris sent to the companies. The letter directs the companies to explain within 30 days their “specific plans and timeline to comply” with the law, or why the application isn’t covered by it.

Tiffany Fox, a spokeswoman for San Francisco-based OpenTable, an online service that books restaurant reservations, didn’t immediately return a call seeking comment on the attorney general’s communications.

–Editors: Peter Blumberg, Andrew Dunn