Lawmaker Unveils New Mobile Privacy Bill
Two years ago, lawmakers in the House and Senate unveiled do-not-track legislation that would limit ad networks' ability to track people as they surf the Web. Those efforts haven't yet gone anywhere -- though obviously they still could.
But since 2011, the focus on Capitol Hill seems to have shifted from protecting the privacy of people who browse the Web on desktops (or laptops) to safeguarding information on smartphones. Last year, a Senate panel approved a location privacy bill proposed by Sen. Al Franken (D-Minn.). That measure would require that app developers obtain users' opt-in consent before collecting or disclosing their geolocation data.
And this week, Rep. Hank Johnson (D-Ga.) has unveiled the Application Privacy, Protection, and Security Act, which goes even further. The draft bill would require developers to inform users about the data that's collected by apps, and obtain users' consent. The measure also requires developers to delete as much user data as possible when people opt out of the service.
It's worth noting that lawmakers aren't the only ones concerned about data collection by app developers. The Commerce Department decided to start with mobile when it launched a series of "multi-stakeholder" meetings aimed at reaching a consensus on privacy issues.
And earlier this month, California Attorney General Kamala Harris recommended that developers follow fair information principles when collecting data from smartphone users. Her suggestions, which go well beyond current law, include recommendations that developers curb collection of personally identifiable data and sensitive information -- including geolocation data, call logs, address books, medical information, photos, and Web browsing history.
It's understandable that lawmakers and policymakers would turn their attention to mobile, given the recent surge in smartphone use. For one thing, ad companies tend to say that clickstream data collected from desktops isn't a privacy threat because it's anonymous -- though there's room for disagreement about whether people can be identified based on such data. But there's no question that smartphones can transmit highly detailed, personal information -- including precise geolocation data, photos and contact lists. What's more, developers haven't done a great job of respecting privacy in this area.
Last year, researchers reported that app developers were surreptitiously uploading users' address books. And in late 2011, a report surfaced alleging that software developer Carrier IQ was logging keystrokes on mobile devices.
None of these alleged privacy breaches mean that new laws are inevitable, or that it's even necessary to hold companies accountable. After all, Carrier IQ is already facing litigation, as are the app developers who allegedly scooped up users' address books.
Still, mobile developers shouldn't expect much support in Washington if they're going to continually blindside users by collecting information that people expected was theirs alone.