New House privacy bill will require apps to gain consent before sharing personal data

A new House of Representatives bill, designed to securely maintain user data and simplify app privacy, will including provisions allowing users to demand that their data is deleted once it is no longer used.

A new privacy bill would require application developers to explicitly gain consent before obtaining data from consumers, and compel them to securely maintain that data in accordance with mandatory privacy policies.

Many app-related controversies have centered around the iPhone and iPad, as one of the most popular platforms for app developers. Image: CNET

Rep. Hank Johnson (D-GA) brought the bipartisan Application Privacy, Protection and Security (APPS) Act 2013 to the floor of the U.S. House of Representatives on Thursday in a bid to bolster confidence in the desktop and mobile apps market, which has been at the center of a number of privacy storms in the not-so-distant past.

In the last year alone:

This is just to name a few, and politicians on both sides of the political fence are tired of it. 

The bill, if passed, would require that app developers display privacy policies and require consent from users before the app is even used. In some cases, apps already require this — many in-built Apple iPhone and iPad apps display a terms of service message and require users to sign off on it before they continue. 

Read this

California introduces 'right to know' data access bill, and why Silicon Valley will hate it

As California considers going above and beyond what the EU gives its citizens in data access request rights, technology and Web firms in Silicon Valley will likely fight any hopes of such rights hopping across the Atlantic.

Read More

Such policies would also have to explain whether their data could or will be shared with third parties, such as advertising networks. And, if a user stops using an app, they can compel the app developer to delete any data held on them. The U.S. Federal Trade Commission would enforce these privacy rules, the bill states.

A note of the key provisions states: "A developer would also maintain a data retention policy that notifies the user how long data is stored, and how to delete or opt out of data collection." Data retention policies are commonplace in the EU as a result of a European directive inscribed in member state law, but some privacy groups are opposed to mandatory data retention for ISPs, but it's not immediately clear whether this would be widely received or not.

In a House floor speech, Johnson said: "We lack basic rights to control how and how much data is collected on our phones and tablets. Data has become the oil of the 21st century, and like any other resource there must be common-sense rules of the road for this emerging challenge."

Johnson said he "learned from CISPA and SOPA," both of which caused considerable controversy, and that he "wanted to build something the right way."