Mobile app developers have been put on notice by the state of California and a handful of mobile platforms that they need to be more forthcoming about the data they are collecting from users.

Last week, six companies, including Apple and Google, reached an agreement with the California?s attorney general to help insure there is greater privacy controls in place for mobile apps. The other big privacy news last week was that the Obama administration announced a consumer bill of rights calling for general privacy legislation, which could see more mobile Web browsers including a Do Not Track button.

?It was a gigantic, landmark week for privacy,? said Jules Polonetsky, director and co-chair of the Future of Privacy Forum, Washington.

?The agreement with California?s attorney general is going to mean a coming of age for many app developers,? he said.

?Do Not Track does not have immediate consequences for mobile but it is expected to.?

Appls and privacy
Mobile app privacy is getting a lot of attention right now following revelations that iPhone apps for Path, Facebook, Twitter, Foursquare and others are uploading users? contact names and phone numbers ? often without permission.

The Federal Trade Commission also recently week came out with a report showing that neither app stores nor the app developers provide the information parents need to determine what data is being collected from their children, how it is being shared or who will have access to it.

In a survey conducted by the Future of Privacy organization, about 30 percent of app developers provide users with privacy policies.

?Most apps are dealing with a lot of consumer data so they ought to have a privacy policy,? Mr. Polonetsky said.

However, this is really just the first step that app developers need to take.

?People do not read privacy policies,? Mr. Polonetsky said. ?You still need to tell users about anything that is significant beyond the policy.

?We are going to continue to have a lot of attention to what apps are doing with data and are they acting responsibly,? he said.

In the new agreement, Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research in Motion all said they would take steps to insure that mobile apps comply with the California Online Privacy Protection Act. The act requires operators of commercial Web sites and online services, including mobile apps, who collect personally identifiable information about Californians to conspicuously post a privacy policy.

The companies agreed, among other things, that apps should conspicuously post a privacy policy so that users can read the policy before they download an app. Currently, not many apps have such a privacy policy.

?From the beginning, Android has had an industry-leading permissions system which informs consumers what data an app can access and requires user approval before installation," said a Google spokeswoman. "Coupled with the announced principles, which we expect to complete in the coming weeks, consumers will have even more ways to make informed decisions when it comes to their privacy.?

App market grows
The attorney general?s office points to the potential for privacy intrusion presented by mobile devices as one of the reasons for seeking the agreement. App developers may be able to access a user?s location, contacts, identity, messages and photos and without a privacy policy, consumers do not know what companies are doing with this information.

This is an important step as the app market continues to grow, with 98 billion apps expected to be downloaded by 2015. Currently, there are more than 50,000 individual developers, according to California?s attorney general office.

The platforms also agreed to include a way for news apps to display a privacy policy in the submission process and to give users a way to report non-compliant apps.

If developers do not comply with their stated privacy policies, they can be prosecuted under California's Unfair Competition Law and/or False Advertising Law.

"The California AG should have negotiated consumer protection standards for mobile devices," said Jeffrey Chester, executive director of the Center for Digital Democracy, Washington.  "Privacy policies are an ineffective method to ensure consumers are treated properly online.

"The breakthrough for the CA AG agreement is that now mobile marketing and application companies can be held accountable by state and federal regulators if they break their privacy policy commitments," he said.

Do Not Track
The other big privacy related news last week was a proposal from the Obama administration for a privacy bill of rights. In it, the administration calls for different industry groups to convene and come up with self-regulatory rules regarding privacy that would be enforceable by the Federal Trade Commission.

?It is very possible that the mobile industry will be one of the areas that looks to create enforceable self regulatory codes,? Mr. Polonetsky said. ?The goal is to get industry groups to the table.

?The Department of Commerce is going to be inviting multi-stakeholder groups, industry advocates, regulators and others to hash out the issues and come to a consensus around sector specific agreements,? he said.

Already, a large group of Internet companies have agreed to enable ?Do Not Track? buttons on browsers so that users can opt-out of being tracked across multiple web sites.

The program supported by the Digital Advertising Association does not currently encompass mobile browsers. However, Firebox already includes a Do Not Track mechanism in its mobile browser and mobile advertising network Jumptap said it would support the effort.

?So far, the DAA program does not specifically cover mobile browsers but there are plans,? Mr. Polonetsky said.

?It is certainly likely to be relevant for mobile Web sites,? he said. ?There is no way to do Do Not Track for apps.?

Final Take
Chantal Tode is associate editor on Mobile Marketer, New York