A new privacy bill would require application developers to explicitly gain consent before obtaining data from consumers, and compel them to securely maintain that data in accordance with mandatory privacy policies.
Rep. Hank Johnson (D-GA) brought the bipartisan Application Privacy, Protection and Security (APPS) Act 2013 to the floor of the U.S. House of Representatives on Thursday in a bid to bolster confidence in the desktop and mobile apps market, which has been at the center of a number of privacy storms in the not-so-distant past.
In the last year alone:
- A privacy slip-up in Google Play, discovered by Australian app developer Dan Nolan, sent app buyers' personal details to Android developers without asking their permission.
- Apple was sued for allegedly letting iPhone and iPad apps send personal user data to ad networks without users' explicit consent.
- Twitter and Path were both at the center of anger when it was discovered that user contact data was being uploaded without users' permission.
These are just a few examples, and politicians on both sides of the political fence are tired of it.
The bill, if passed, would require that app developers display privacy policies and require consent from users before the app is even used. In some cases, apps already require this — many in-built Apple iPhone and iPad apps display a terms of service message and require users to sign off on it before they continue.
Such policies would also have to explain whether users' data could or will be shared with third parties, such as advertising networks. And, if a user stops using an app, they can compel the app developer to delete any data held on them. The U.S. Federal Trade Commission would enforce these privacy rules, the bill states.
A note of the key provisions states: "A developer would also maintain a data retention policy that notifies the user how long data is stored, and how to delete or opt out of data collection." Data retention policies are commonplace in the EU as a result of a European directive inscribed in member state law. Some privacy groups are opposed to mandatory data retention for ISPs, and it's not immediately clear whether this would be widely received or not.
In a House floor speech, Johnson said: "We lack basic rights to control how and how much data is collected on our phones and tablets. Data has become the oil of the 21st century, and like any other resource there must be common-sense rules of the road for this emerging challenge."
Johnson said he "learned from CISPA and SOPA," both of which caused considerable controversy, and that he "wanted to build something the right way."