'Apps act' would make privacy disclosures mandatory

With more than 1.5 million apps now available for Android phones and Apple's iPhone, a congressman is proposing a law that would require mobile app developers to let users know what an app's privacy policies are when it comes to information being shared and the length of time the information is kept by a developer.

"Data has become the oil of the 21st century, and like any other resource, there must be common-sense rules of the road for this emerging challenge," said Rep. Hank Johnson, D-Ga., in introducing the Application Privacy, Protection and Security Act in Congress Thursday.

"Every day millions of Americans use mobile applications to help us get through the day," Johnson said. "But many consumers do not know their data is being collected. This privacy breach is just not 1s and 0s, it's personal information, including our location at any given moment, our photos, messages and many of the things meant only for our friends and loved ones.

"Yet we lack basic rights to control how and how much of our data is collected on our phones, iPads and tablets."

The bill, H.R. 1913, also being called the "Apps Act," follows a report from the Federal Trade Commission in February about the same issue. In that report, the agency suggested ways for "critical players" such as app developers, advertising networks and mobile operating system providers like Google, Apple, Amazon, Microsoft and BlackBerry, to provide "timely, easy-to-understand disclosures about what data they collect and how the data is used."

The FTC report noted that "consumers increasingly are concerned about their privacy on mobile devices. For example, 57 percent of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons."

Tellingly, "less than one-third of Americans feel they are in control of their personal information on their mobile devices."

When it comes to apps for children, the FTC expressed even more concern in a separate report, issued last December, that found only 20 percent of reviewed apps disclosed "any information about the app's privacy practices."

Many of the apps reviewed by the agency "shared certain information with third parties — such as device ID, geolocation, or phone number — without disclosing that fact to parents," the FTC said. "Further, a number of apps contained interactive features — such as advertising, the ability to make in-app purchases, and links to social media — without disclosing these features to parents prior to download."

Johnson's bill also calls for giving consumers "a clear way to permanently delete their personal data once they stop using an app." The FTC is named in the bill as the agency that would enforce the law.

The Electronic Privacy Information Center said in a statement to NBC News that the Apps Act "contains several provisions that will advance transparency in mobile apps."

The bill "requires developers to clearly explain the types, uses, and retention period for any personal data collected," said David Jacobs, EPIC's consumer protection counsel, in an emailed statement. The Apps Act also "allows consumers to demand the deletion of their personal data from apps they no longer intend to use, and gives the Federal Trade Commission rulemaking authority on mobile app transparency. Although the act does not provide a full set of fair information practices for mobile users, it will help ensure more responsible data handling by app developers."

In January, California Attorney General Kamala Harris issued an advisory report, Privacy On The Go: Recommendations for the Mobile Ecosystem, also calling for "readable privacy policies" and "transparency when it comes to alerting users if third party vendors collect their personal information," as well as "an end to unnecessary data collection unless it is critical for the app to function."

In December, Harris' office sued Delta Airlines, contending its "Fly Delta" app did not have a clearly posted privacy policy, a violation of the state's Online Privacy Protection Act. But a judge dismissed the suit this week, saying federal airline deregulation law prohibits states from imposing regulations, such as a privacy policy, on airlines.

This story was updated May 16.