Article courtesy of Morrison & Foerster’s Mobile Payments Practice
Lawmakers in Washington, D.C., continue to show interest in understanding and developing regulatory proposals relating to mobile apps. The interest appears to be driven, at least in part, by policymakers’ concerns about consumer privacy when using mobile phones and other smart hand-held devices. The issue of consumer privacy, as well as the security of financial information, and the use of mobile apps has also been raised in the context of Congressional hearings held to understand the new ways in which consumers are paying, and taking payments, via smartphone.
The recent introduction of a bill focusing on mobile apps and privacy issues is another indicator of ongoing legislative interest in mobile phone technology and ways in which smartphones are used. On May 9, 2013, Representative Hank Johnson (D-GA) introduced H.R. 1913, the “Application Privacy, Protection, and Security Act of 2013” (“APPS Act”). H.R. 1913 was referred to the House Committee on Energy and Commerce for consideration. As of June 4, 2013, the bill had five co-sponsors.
Representative Johnson’s introduction of the APPS Act follows the release, in January 2013, of a discussion draft of the bill that was developed through an Internet-based legislative project launched by the congressman’s office in July 2012. The following provides a brief overview of the APPS Act, as introduced.
User Notices
Under the APPS Act, app developers would be required to provide users with a notice, before collecting their personal data, describing the terms and conditions governing the collection, use, storage and sharing of personal data. Developers would also be required to obtain the consent of the users to these terms and conditions.
The bill would require this notice to users to include the following:
- The categories of personal data that the app will collect;
- The purposes for which the personal data will be used;
- The categories of third parties with which the personal data will be shared; and
- A “data retention policy” that governs the length of time for which the personal data will be stored and a description of the user’s rights under the bill to notify the app developer and request that the developer refrain from collecting additional personal data through the app.
The APPS Act would direct the Federal Trade Commission (FTC) to issue regulations specifying the format, manner and timing of the notice. In promulgating the regulations, the FTC would consider how to ensure the “most effective and efficient” communication to the user regarding the treatment of personal data.
Data Security
The APPS Act would also require app developers to take reasonable and appropriate measures to prevent unauthorized access to personal data collected by apps. This provision demonstrates that concerns about consumer privacy continue to be a driving force for policymakers in crafting legislative proposals.
FTC Enforcement and Safe Harbor
The APPS Act would provide for FTC enforcement, pursuant to the FTC’s unfair or deceptive acts or practices authority under the FTC Act, but would not foreclose private rights of action, or actions by state attorneys general or other state officials. Pursuant to a safe harbor provision, app developers would satisfy the APPS Act’s requirements, and requirements of implementing regulations, by adopting and following a code of conduct for consumer data privacy developed in the multi-stakeholder process convened by the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA). The NTIA process is an outgrowth of the White House white paper, “Consumer Data Privacy in a Networked World,” which advocated the coupling of voluntary privacy codes of conduct with federal legislation establishing consumer “Bill of Rights” principles.
The full text of H.R. 1913 is accessible on the Web site of the Government Printing Office at: http://www.gpo.gov/fdsys/pkg/BILLS-113hr1913ih/pdf/BILLS-113hr1913ih.pdf.