Bill would put mobile app vendors on the hook for privacy
App developers would be required to notify and get consent from consumers before collecting their data
Computerworld - The mobile industry's efforts to convince lawmakers that self-regulation alone is the best way to address growing concerns over privacy-invading mobile applications appear to be running into some headwinds.
On Thursday, Rep. Hank Johnson (D-Ga.) introduced new legislation that would require mobile application developers to provide clear notice to consumers and get their consent before collecting personal data from mobile devices.
Johnson's bill, the Application Privacy, Protection and Security Act of 2013 (HR1913), would force mobile application developers to disclose what data they collect and how they will use, share and store that data. They would be required to disclose the specific categories of data they collect and the third parties with whom they share the data.
Mobile application developers would need to have a clearly spelled out privacy and data retention policy that tells consumers how long data is stored and the choices they have for deleting or opting out of such collection. The Federal Trade Commission would be responsible for enforcing the provisions of the bill, known as the Apps Act.
Johnson's bill is another sign of the growing concern among lawmakers and others in Washington and elsewhere over the data collection practices of mobile application software vendors and providers of mobile services.
California has been one of the most aggressive states in this regard. Last year, the state's attorney general, Kamala Harris, struck an agreement with several leading companies, including Facebook and Google, to make their privacy policies more transparent to users of their mobile applications.
In March 2012, a total of 18 companies including Facebook, Apple, Twitter and Yelp were sued in Texas for allegedly distributing privacy-invading mobile applications.
The mobile industry itself has tried to address such concerns via a multi-stakeholder initiative led by the National Telecommunications and Information Administration (NTIA). Under that effort, industry stakeholders, rights groups and Internet marketers are working to develop a mutually acceptable privacy code of conduct for the mobile industry.
The industry has tried to argue that such self-regulation is a far better option than new mobile privacy laws pushed down by Congress.
Johnson's introduction of the Apps Act suggests that some lawmakers are either not entirely convinced that that's the best approach, or that they want to push those efforts along.
"[Johnson's bill] serves a useful function by focusing attention on the issue, and it can help drive self-regulatory efforts," Simpson said. "If Rep. Johnson's bill is passed, it would be a significant step forward."
Consumers of mobile apps expect application developers and platforms to follow fair information practices when handling their personal data, said David Jacobs, consumer protection counsel at the Electronic Privacy Information Center (EPIC).
More than half the respondents to a recent survey by the Pew Research Center said that they had avoided installing a mobile application after discovering the amount of information it collected. Another 30% said they had uninstalled applications after learning about the privacy policies associated with that application, Jacobs said. "Yet the mobile app marketplace currently suffers from inadequacies of transparency and control," he said.
"The Apps Act of 2013 contains several provisions that will advance transparency in mobile apps," he said. While he acknowledged that it doesn't provide a full set of fair information practices for users, he said the bill should help ensure better data handling by mobile application vendors.
This article, "Bill Would Put Mobile App Vendors on the Hook for Privacy," was originally published on Computerworld.com.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His email address is email@example.com.