APPS Act aims to improve mobile users’ privacy, but how will app developers react?

February 12, 2013

    Privacy has often been a key issue in discussing mobile devices, especially given the pervasive nature of mobile devices these days. Our smartphones and tablets have GPS tracking sensors, cameras, microphones, and we store personal data on the cloud. Information can be accessed by online services and local applications as part of their functionality, and users are left to the mercy of those that store their data. With these concerns in mind, a proposed APPS Act has been submitted to the U.S. House of Representatives for deliberation, and it will have an impact on user privacy in mobile devices.


    Have you ever wondered just how much data Google or Facebook has on you? You might want to pay attention to how the APPS Act aims to improve privacy and security, or at least give a framework through which users are made better aware of their responsibilities and privileges as a consumer.

    A quick overview

    The APPS Act (Application Privacy, Protection and Security Act) was introduced by Rep. Hank Johnson (D-GA) as a discussion draft, and it contains the following points:

    • Prior to data collection, apps are required to “provide the user with notice of the terms and conditions governing collection, use and storage of personal data.”
    • The app is also required to “obtain the consent of the user to such terms and conditions.”

    Additionally, developers are required to disclose more information as to how data will be used:

    • Categories of personal data that will be collected;
    • Categories of purpose for which data is collected;
    • Categories of third parties with which data will be shared;
    • The data retention policy, which governs the length of time for which data will be stored.

    The disclosure should also include other details regarding storage of data, such as a description of the user's rights to said data and how a user may exercise these rights.

    Benefits and responsibilities

    In short, the bill aims to give you better control over your data, and the ability to opt out of data storage and collection should you wish to exercise your right to do so. When installing Android apps, the installation interface already informs you of what permissions the app will need, and you decide whether to install based on this information. But as it stands, Android apps will fail the above-stated requirements in the way they currently ask you for permission.

    To comply, apps will need to categorically state the kind of personal data that will be collected, why these will be needed, and which other companies they will share the data with (which may include advertisers or other service providers). Developers will also need to disclose how they plan to dispense with your information, and whether you can ask for your information to be taken off their premises.


    Additionally, the section entitled “withdrawal of consent” provides a means for users to ask the developer to “refrain from any further collection of personal data through the application,” as well as “delete any personal data collected by the application that is stored by the developer,” or “refrain from any further use or sharing of such data.”

    Almost there, but …

    It’s not all rosy at this point, though. Given the legal requirements, it might be necessary to present the user with a lengthy terms-of-service screen and text, which will need to be confirmed before an app is installed. This might be difficult on two levels. First, users tend to skip the small print and click “install” blindly without reading the text. Second, it might turn off developers who need to collect, process and sometimes even share user data in order for their apps to function properly.

    The APPS Act includes provisions for civil liabilities, should a developer fail to comply with the disclosure requirements. The APPS Act delegates the role of enforcement to the FTC, and the role of prosecution, where necessary, to the Attorney General. Note that liability is only civil and not criminal. Still, this might be a cause of worry to small developers who don’t necessarily have the resources at their disposal to deal with a lawsuit.

    The question now is whether the provisions of the APPS Act already address the numerous privacy concerns that users have been voicing. With the APPS Act, developers will be compelled to be clear about exactly what they need from you and how they will use your data. But it still does not preclude them from using your data in the first place; only now they’re obliged to tell us users in a clear and explicit way. It will still be up to us to decide whether to use, download or sign up for those apps and services in the first place.

    You can send Congressman Johnson a message through the AppRights website in the source link. You can also check out the full text of the draft bill in this PDF.

    Comments

    • MasterMuffin

      It will just be another “termsblablabla” that is 30 pages long so nobody reads it and it helps “a lot”
