In late January 2023, California Attorney General Rob Bonta announced a CCPA (California Consumer Privacy Act) enforcement focus on mobile apps. The enforcement focuses on “popular apps in the retail, travel, and food service industries” that don’t allow or comply with consumer opt-out requests.
A recent CCPA settlement involving Sephora cost the company $1.2m in penalties and obviously compliance with CCPA plus regular reporting to the AG’s office. We’re also seeing federal enforcement of mobile app privacy issues from the FTC, most recently with a $1.5m settlement with GoodRx. You can follow the latest mobile breaches on NowSecure’s Mobile App Security & Privacy Breaches resource.
While a Federal privacy law has yet to arrive, it has been actively considered over the past few years. Similarly, many States are currently considering privacy laws and 5 states (California, Utah, Colorado, Virginia and Connecticut) now actively protect privacy via legislation (see IAPP’s US State Privacy Legislation Tracker for full details).
If your company has a mobile app, now is definitely the time to review your privacy policy, validate what data is collected and sent to third parties, update your iOS Privacy Nutrition and Android Data Safety labels and in general make sure your apps are compliant with new privacy and security legislation.