App Developers Beware! California Wants Your Cash

David J. Shaw

Law enforcement seems to have discovered a way to fine the Internet. If you are an app developer, it is time to get equally serious about legal compliance. The California Online Privacy Protection Act of 2003 will finally be enforced by the California Attorney General’s Office. Any app developers caught in the law enforcement privacy protection net are subject to potential fines of $2,500 per download.

According to the act, each commercial website operator that collects personal information about Californians who visit their web pages must post a distinctive and easily-found link to the website's privacy policy. The privacy policy must describe:

  • The types of information gathered
  • The ways information may be shared with other parties
  • The process whereby a user can review and modify their personal information.
  • Finally, the policy must also state the effective date and describe any subsequent changes since the effective date.

The law is far-reaching. Although a California law, it is applicable to anyone who gathers information on people living in California. Presumptively, this would be true even if a website owner did not know the person to whom the information applies lives in California. Enforcement by California officials on out-of-state or out-of-country website owners is a challenging issue, but for the potential monetary losses involved (especially given the relatively inexpensive costs of developing a legal privacy policy), it is simply not worth the risk of running a commercial website or having an online commercial app of any kind without and solid privacy policy.

David J. Shaw is a Shareholder with Kirton McConkie and devotes his practice to e-commerce and technology matters.  If you have any questions, or need help developing your own privacy policies, he can be reached at (801) 328-3600 or at

Practice Areas

Jump to Page

By using this site, you agree to our updated privacy policy and our terms of use