Several companies might face sanctions after Harris sent warning letters in late October to 100 app makers that had not posted a written policy. The vast majority agreed to comply, said Travis LeBlanc, who oversees the attorney general’s new Privacy Enforcement and Protection Unit.
The companies that rejected her order maintain they aren’t required to have a policy because the personal data they collect is not subject to the California Online Privacy Protection Act, LeBlanc said. He declined to name the companies or say how many were violating the law.
The prevalence of mobile app downloads has exploded in recent years, while enforcement of privacy protections has struggled to keep up. Privacy advocates say having a policy in place is the minimum requirement for app makers and a necessary first step in educating consumers who increasingly rely on mobile devices to share and store sensitive information.
“We’ve reached out to industry associations and let everyone know that they have an obligation to do this,” LeBlanc said.