Johnson Introduces Mobile Privacy Bill With Self-Regulation Safe Harbor
Rep. Hank Johnson, D-Ga., introduced a bill Thursday that would require app developers to obtain user consent before collecting data and to securely maintain that data. The Application Privacy, Protection and Security (APPS) Act (HR-1913) “answers the call” of consumers who want “simple controls over privacy on devices, security to prevent data breaches, and notice and information about data collection on the device,” Johnson said in a statement (http://1.usa.gov/11W5HOD).
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The bill “would protect consumers without disrupting functionality and innovation,” Johnson said during a State of the Mobile Net event Thursday hosted by the Advisory Committee to the Congressional Internet Caucus. The bill also provides a safe harbor for apps that follow mobile privacy codes created by multistakeholder processes, specifically the mobile privacy process being facilitated by the NTIA, Johnson said. Self-regulation like those processes provides “a great opportunity for folks in the industry to accomplish what might be very difficult for legislators to legislate,” he said.
The mobile privacy code of conduct written by NTIA stakeholders -- which requires apps to inform users, via short-form notice, what information is collected and with whom that information is shared -- is “a true middle path that brings everybody into alliance,” said Tim Sparapani, Application Developers Alliance vice president-law, policy and government affairs and an author of the NTIA code, during one of the event’s panels. “I am incredibly optimistic at this point that we are about to be able to launch something that changes the game,” he continued.
The federal government should be more involved in protecting consumer privacy, said Michelle De Mooy, Consumer Action senior associate-national priorities, during the panel. Encouraging industry members to engage in multistakeholder processes -- such as the NTIA process, of which she is a participant -- is not enough, she continued. The government should “step up” and “force them to comply,” she said. De Mooy pointed to the World Wide Web Consortium working group that is attempting to develop a Do Not Track mechanism. “A lot of industry [members] have really torpedoed that effort,” she said, calling it “a really struggling process."
Specifically, the White House should craft a baseline privacy bill, like those found in Europe, De Mooy said. “It makes no sense to me” that such a bill doesn’t already exist, she continued. “It’s critical to have a baseline law.”