App privacy is becoming more of a public issue, which means it’s also starting to become an issue for our elected officials. This past week, U.S. Representative Hank Johnson of Georgia has drafted a bill aimed at trying to give users more control over their app data. A discussion draft has been released of what is titled the Application Privacy, Protection, and Security Act, found here. If this bill is passed, app developers would have to give their users notice of all the information that the app is possibly going to use for any purpose, along with consent to any data collected. Along with this most recent draft, the California attorney general just issued a set of mobile app privacy guidelines as part of the California Online Privacy Protection Act. In addition, Senator Al Franken is pushing for large companies – including Google and Apple – to require that apps and app platforms make their privacy policies easier to understand. These bills and others of their kind are the first to deal with app privacy, but there are sure to be more as the app ecosystem continues to grow.
People and perceived privacy
Most people actually do expect quite a bit of privacy out of their apps, even though for the most part, that privacy is perceived. According to a recent study:
“46 percent, for example, believe that carriers should not store location information for any length of time at all, while 59 percent believe data on a phone is "about as private" as data on a personal computer — which isn't necessarily the case depending on how a phone is loaded up.”
Is app privacy an illusion? After all, we give data to our favorite social networking sites which then use that data to find friends, events, and organizations for us to continue to interact with. When we use a certain large search engine along with its peripheral services, we are essentially giving it the “key to the castle” with how much data we’re allowing it to see and use. When we go shopping, that howling wolf tee that we liked is going to show up on a popup ad sometime in the future of our Web browsing. This sounds potentially intrusive when written down in black and white, but in reality, this is something that is expected as part of the overall customization and personalization of the services we use every day – both web-based and app-based. As the app ecosystem grows, there are lines that can be crossed, especially as using apps becomes more ubiquitous for larger groups of people.
The proposed APPS bill
This drafted legislation is based partly on ideas solicited on apprights.us; a project launched last summer in order to get an idea from the general public (as well as meetings with app developers, public interest groups, and industry leaders) on better ways to safeguard the rights of users when using apps. A statement from Rep. Johnson:
““Many of you told us that simple mechanisms are important to protecting your privacy on mobile devices ... without threatening the functionality or integrity of the mobile apps that you love.”
This proposed bill will require apps to give consumers notice in advance regarding any data that they are about to collect, and how this data will be used, shared, or stored. The developer would have to obtain consent in advance for any of these practices. Violations of these safeguards would be handled by the Federal Trade Commission, and state attorney generals would be allowed to bring civil suits against the offending developer(s) as necessary.
This proposed bill would also allow app users to tell developers that now that they have stopped using the app, they want data collection to stop. Developers would then have to delete that stored data and stop using it.
From the official discussion draft of the APPS bill:
(The purpose of this bill is) “To provide for greater transparency in and user control over the treatment of data collected by mobile applications and to enhance the security of such data.”
How would this affect third-party sharing of data, or data protection? From the draft again:
“For purposes of this Act, if the developer of a mobile application allows a third party to access personal data collected by the application, such personal data shall be considered to be shared with the third party, whether or not such personal data are first transmitted to the developer….. The developer of a mobile application shall take reasonable and appropriate measures to prevent unauthorized access to personal data and de-identified data collected by the application.”
App privacy guidelines
The proposed Johnson bill basically incorporates the three main pillars of app privacy: security, transparency, and most of all, user control over information. Developers would have to give the exact specifics of how data is collected, used, stored, and shared, and this information would also have to include the different “categories” of data collected, along with any third parties that they intend to share it with. Developers would also have to provide a way for users to communicate with them directly that they are not going to use the app anymore; therefore, their data is no longer available. Data retention would also have to be disclosed, clearly stating how long this user data is stored along with any terms and conditions surrounding that storage.
While this legislation is still in draft form, it’s getting quite a bit of attention, especially since it would change the way that we interact with apps – along with how developers create and release them. The National Telecommunications and Information Administration (NTIA) has requested that this bill be delayed so that they can have time to develop and input their own recommendations for app privacy, which will potentially bring even more changes for developers to the table.
How this affects developers
Legislation like the APPS bill, the California mobile apps privacy guidelines, and other privacy pushes by elected officials are the first wave of what is coming down the pike. Developers will be affected by these bills as they are passed, and will need to stay aware of what is changing in the world of app privacy so they can incorporate these guidelines into their apps.
What do you think of the emerging push for more app privacy? How do you plan on making your apps more privacy conscious? Share with us in the comments section below.