On Friday, Rep. Hank Johnson (D-Ga.) released a discussion draft of a bill for mobile privacy. Named the Application Privacy, Protection and Security Act of 2013 (“APPS Act”), the bill would obligate app developers to disclose to users the terms and conditions around the collection, use, storage, and sharing of user data. Additionally, the bill would require apps to allow users to opt out of the service and delete personal data collected by the app. The Federal Trade Commission would head enforcement and state attorneys general could bring suits against those who violate the regulations promulgated by the FTC.
In drafting the bill, Johnson and his Web-based initiative, AppRights, held meetings with members of the Internet community, public-interest groups, app developers, and other industry stakeholders. AppRights stated: “Over the coming days, we will release helpful clarifications of the updated provisions of the APPS Act so that everyone is on the same page.” It is not yet clear when the bill will be introduced to Congress as possible legislation.
The release of the discussion draft comes just one day after mobile industry members and privacy advocates held their eighth meeting to discuss proposed voluntary standards for disclosing how mobile apps use data. Interestingly, the current draft of the APPS Act provides a safe-harbor provision for any developer who voluntarily adopts, and complies with, the code of conduct that is expected to be produced out of these meetings.
During Thursday’s meeting, participants considered the latest draft of the proposed code of conduct, which is intended to enhance transparency about apps’ data collection and third-party sharing practices. During the meeting, the participants failed to reach a consensus on what data practices need to be disclosed and how the information should be displayed. There was also disagreement as to which practices required heightened disclosure.
There was some progress, however, as the stakeholders agreed that the final draft should contain flexibility, clarifying that the “shall” and “must” language in the latest draft indicated requirements, while the use of “should” indicated best practices that companies should strive to achieve if possible.
The group will reconvene for its ninth meeting on January 31.