Policy & Law
US Representative Hank Johnson (D, GA) is unveiling a new draft bill that would require app developers to disclose their information-gathering practices, and allow users to request their stored information to be deleted. The Application Privacy, Protection, and Security (APPS) Act of 2013 is the culmination of a six-month web-based initiative called AppRights, and according to Johnson, incorporates three provisions championed by the project’s participants — user control, transparency, and security.
Delete any personal data collected by the application
Under the APPS Act, developers would be required to provide users with the terms and conditions governing the collection, use, storage, and sharing of their data. That notice would also have to include the categories of personal data collected and the purposes it would be used for, along with the categories of third parties with which it would be shared. More importantly for developers, they would have to provide a way for users to communicate their intent stop using an app, and "to the extent practicable, to delete any personal data collected by the application that is stored by the developer." Data retention policies would also need to be publicized, explaining how long user data is stored, and the terms and conditions surrounding its storage. The Federal Trade Commission would be in charge of enforcement, pursuing violations as "unfair or deceptive acts or practices," and state attorneys would be permitted to bring civil lawsuits against recalcitrant developers as well.
The proposed bill hasn’t yet been formally introduced as legislation, and Computerworld reports that the National Telecommunications and Information Administration (NTIA) is pushing for more time to develop its own mobile app privacy recommendations beforehand. Americans overwhelmingly consider the information stored on their phones to be private, and the issue is the focus of a variety of initiatives including Senator Al Franken’s Location Privacy Protection Act and the EFF’s Mobile User Privacy Bill of Rights.