App Stores

米カリフォルニア州司法局が、モバイルアプリストア主要6社とプライバシー保護策の改善で合意したと発表しました。含まれるのはApp Store のアップル、Androidマーケットの Google、Windows Marketplaceのマイクロソフト、Amazon Appstore for Android のアマゾン、および BlackBerry の RIM、webOS のHP。

加州司法長官 Kamala D. Harris 氏名義の発表によると、合意の内容は各社に対して、カリフォルニア州法 Online Privacy Protection Act (OPPA)の定める基準をモバイルアプリストアでも遵守することを求めるもの。

具体的にはストアの運営者およびアプリの販売者に対し、アプリが個人情報を扱う場合はストアの分かりやすい場所にプライバシーポリシーを表示すること、収集する情報の種類・用途・提供先を明記すること、ダウンロードやインストールする前に確認できるようにすること。また各アプリで違反があった場合、利用者がストア運営者に通報できる仕組みの提供などを求めています。

OPPAは2004年に施行されたカリフォルニア州法で、個人情報を取得・記録する商用ウェブサイトやオンラインサービスの提供者に対して明確なプライバシーポリシーの表示を要求する内容。同州に所在地やサーバがある企業だけでなく、「カリフォルニア州民の利用する」商用サイトやサービスの提供者を対象とするかなり範囲が広い法律です。

ハリス長官のコメントは「モバイルアプリを利用するために個人のプライバシーを犠牲にすることはあってはなりませんが、実際には頻繁にそうなっています」「今回の合意はカリフォルニアの消費者および世界の多くのモバイルアプリ利用者にとって、プライバシー保護を強化するものです」「モバイルアプリがプライバシーポリシーを備えるよう保証することは透明性を向上させ、モバイル機器の利用者は自分の個人情報を誰がどう利用するのかについて、もっと情報を得たうえで判断できるようになります」。


今後のスケジュールについては、各社がモバイルにおけるプライバシーについて今後六か月のうちにハリス長官と話し合いを持つとされているのみ。ストアに反映される時期や具体的な改善項目などについては言及がありません。

iOSとApp Store が電話帳などの個人情報を守っていなかった問題
、あるいはAndroidが自己責任の荒野だと思っていたら iOS は看守が仕事をしない牢屋だったでござる事件は米国では大きな話題となり、下院や各州司法関係者がアップルに対して質問状を送るなど現在進行形で注目を集めています。今回の発表は「今後の取り組みについて合意に達した」段階ですが、ハリス長官にとっては大いに仕事をしているアピールになるタイミングです。続きは加州司法局の発表文。
Attorney General Kamala D. Harris Secures Global Agreement to Strengthen Privacy Protections for Users of Mobile Applications

SAN FRANCISCO - Attorney General Kamala D. Harris today announced an agreement committing the leading operators of mobile application platforms to improve privacy protections for millions of consumers around the globe who access the Internet through applications ("apps") on their smartphones, tablets and other mobile devices.

Attorney General Harris forged the agreement with six companies whose platforms comprise the majority of the mobile apps market: Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion. These platforms have agreed to privacy principles designed to bring the industry in line with a California law requiring mobile apps that collect personal information to have a privacy policy. The majority of mobile apps sold today do not contain a privacy policy.

"Your personal privacy should not be the cost of using mobile apps, but all too often it is," said Attorney General Harris.

"This agreement strengthens the privacy protections of California consumers and of millions of people around the globe who use mobile apps," Attorney General Harris continued. "By ensuring that mobile apps have privacy policies, we create more transparency and give mobile users more informed control over who accesses their personal information and how it is used."

Privacy policies are an important safeguard for consumers. Privacy policies promote transparency in how companies collect, use and share personal information. The agreement with the platforms is designed to ensure that mobile apps comply with the California Online Privacy Protection Act. The Act requires operators of commercial web sites and online services, including mobile apps, who collect personally identifiable information about Californians to conspicuously post a privacy policy.

This agreement will allow consumers the opportunity to review an app's privacy policy before they download the app rather than after, and will offer consumers a consistent location for an app's privacy policy on the application-download screen. If developers do not comply with their stated privacy policies, they can be prosecuted under California's Unfair Competition Law and/or False Advertising Law.

The agreement further commits the platforms to educate developers about their obligations to respect consumer privacy and to disclose to consumers what private information they collect, how they use the information, and with whom they share it. The platforms will also work to improve compliance with privacy laws by giving users tools to report non-compliant apps and committing companies to implement processes to respond to these reports.

In six months, Attorney General Harris will convene the mobile application platforms to assess privacy in the mobile space.

There are more than 50,000 individual developers who have created the mobile apps currently available for download on the leading platforms. There are nearly 600,000 applications for sale in the Apple App Store alone, and another 400,000 for sale in Google's Android Market. These apps have been downloaded more than 35 billion times.

These figures are expected to grow. An estimated 98 billion mobile applications will be downloaded by 2015, and the $6.8 billion market for mobile applications is expected to grow to $25 billion within four years.

The rapid growth and expansion in the mobile market exposes consumers to a wide variety of privacy invasions. Smartphones are often on and tethered to their user, transmitting rich data to the app developers. Users of mobile devices are vulnerable to privacy intrusion and abuse by numerous entities, app developers, analytic services and advertising networks. These entities could have access to sensitive information, including a user's location, contacts, identity, messages and photos. Without a privacy policy, what companies do with the personal data they collect is largely invisible to consumers.

It is estimated that a majority of the mobile apps currently available for download through the platforms do not include even the most basic privacy protection: a privacy policy setting forth how personal data is collected, used and shared. One recent study found that only 5 percent of all mobile apps have a privacy policy.

A recent report by the Federal Trade Commission (FTC), Mobile Apps are Disappointing, evaluated the lack of privacy information available to parents before downloading mobile apps for their children. The FTC report recommended that mobile apps platforms do more to help parents and kids by providing a consistent means for app developers to display information about their privacy practices. The FTC specifically recommended that the platforms provide a designated space for developers to disclose their information in the app stores and markets and that the platforms improve enforcement of requirements for app developers to disclose the private data they collect.

Attorney General Harris, in August, 2011, convened Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion as the most direct way to improve compliance with California law requiring that mobile apps have privacy policies. The platforms have committed to these principles today and are now working to implement them.

"California has a unique commitment to protecting the privacy of our residents. Our constitution directly guarantees a right to privacy, and we will defend it," added Attorney General Harris. "Forging this common statement of mobile privacy principles shows the power of collaboration -- among government, industry and consumers -- to create solutions to problems no one group can tackle alone."

Last year, Attorney General Harris also established an eCrime Unit to prosecute identity theft, data intrusions, and crimes involving the use of technology.