The APPS Act: Congressional legislation introduced to restrict mobile data collection and use and provide consumer transparency (H.R. 1913)

Share this

According to Rep. Hank Johnson (D-GA-04), consumers lack "basic rights about how much basic data is being collected on" mobile devices and require new legal protections. That is why he introduced the Application Privacy, Protection and Security (APPS) Act (H.R. 1913) in Congress on May 9. His legislation will matter to the survey, opinion and marketing research profession, whether as app developers, app partners, or as users of data collected via mobile devices.

Cell phone and smart phone privacy concerns in the House of Representatives

Related MRA items:

NTIA vs. FTC: The Federal Trade Commission intervenes in the multistakeholder process for mobile apps privacy

California: Mobile apps privacy not just a regulatory enforcement issue anymore

NTIA multistakeholder mambo continues: Participants moving closer to agreement on mobile apps privacy

FTC releases new guidelines on Dot-Com advertising disclosures

Countering technological/cultural risk in your marketing research study

Marketing Research and Privacy in a World of Mobile Apps: The White House “Multistakeholder Process,” California, Congress and the FTC

Retail shopper tracking back under the Congressional microscope (H.R. 210)

FTC's new mobile privacy report released, plants agency flag amid NTIA multistakeholder discussions on mobile apps transparency, looming enforcement actions, and pending legislation

APPS Act - Rep. Hank Johnson's draft legislation would require significant notice and opt out for users of mobile apps

California Attorney General on mobile apps privacy, issues detailed recommendations for the mobile ecosystem

Transparency drill-down: the NTIA multistakeholder process for mobile apps privacy continues drill-down on transparency screens and short form notices

Geolocation privacy bill passes Senate Judiciary Committee with minor improvements

Mobile apps privacy gets nitty-gritty: NTIA multistakeholder process digs into the technicalities of short form notices and privacy icons

Senate geolocation privacy bill (S. 1223) potential threat to next generation research

Building an App? Follow These Best Practices for California Law.

Next mobile apps privacy multistakeholder meeting to delve into data elements, functionality and short form notices.

Multistakeholder process grinds on in search of consensus on mobile apps privacy

Industry code of conduct for mobile apps privacy proposed to focus on transparency

MRA reports on participation in the 1st, the 2nd, and the 3rd multistakeholder meetings on mobile apps privacy in the White House proces.

MRA report on mobile app technical briefings and best practice discussions during the multistakeholder process.

The White House's Consumer Privacy Bill of Rights, which spawned the multistakeholder process.

Mobile Device Privacy Act (H.R. 6377) introduced, House hearing held on the "mobile apps economy"

FTC Publishes Mobile App Guidelines

Senator Al Franken's Privacy Subcommittee struggles to balance benefits of location data with consumer privacy.

The House Privacy Caucus targets location data

The APPS Act, which would require significant transparency and data minimization, hasn't changed dramatically from the draft APPS Act that Rep. Johnson had been circulating, which the Marketing Research Association (MRA) analyzed for our members in January.

MRA's view
MRA appreciates that the APPS Act is relatively circumspect, focused primarily on notice and consumer opt opt for data collection in mobile apps. It provides some welcome flexibility in the deidentification process, given that it is hard to provide consumer control over de-identified data. We're also particularly pleased to see a safe harbor in the APPS Act for entities that adhere to a voluntary code of conduct developed through the National Information and Technology Administration (NTIA) multistakeholder process for mobile apps privacy. However, we still have some serious concerns with Rep. Johnson's bill.

MRA worries about fully empowering the Federal Trade Commission (FTC) to define what the term "personal data" means, since (as demonstrated during our successful amendment to the SAFE Data Act in July 2011) the FTC thinks that almost any piece of information could be personally identifiable. The APPS Act would define "de-identified data" as "data from which particular individuals cannot be identified," and that would be the only kind of data excluded from the definition of "personal data."

The FTC would also be the entity to decide what "de-identified data" means. As MRA explained at length in our comments on the FTC's case against marketing research firm Compete, there is already a vigorous (and far from settled) debate in academic and technology circles on de-idenfication.

Even the requirement that the mobile app transparency notice include a data retention policy could be problematic for survey, opinion and marketing research since, as we showed in the SAFE Data Act debate in 2011 over data minimization, the research needs in data retention can be difficult to predict.

More broadly, we are also wary of moving legislation impacting the mobile space before the NTIA multistakeholder process can coallesce around a workable code of conduct for mobile apps privacy. While we applaud Rep. Johnson for including a specific safe harbor for entities that adhere to such a code -- something that the FTC has already flatly rejected during multistakeholder process meetings -- it is hard to embrace legislation in relation to an unfinished and still somewhat uncertain code. We are optimistic about results from the multistakeholder process, but it is not over yet. We continue to urge policymakers to patiently await a conclusion, and to perhaps even see how the resulting code works or does not work for consumers, before they leap into writing new statutes or regulations.