APPS Act Implications: What Developers Should Know About User Privacy, Consent

Publication Date: February 04, 2013
Fierce Developer
Shane Schick

Aleecia McDonald, director of privacy at the Center for Internet and Society, spoke with Shane Schick from Fierce Developer about the APPS Act and offered up four suggestions for developers to keep in mind prior to its possible passage.

Let's be honest for a moment: When was the last time you, or anyone you know, took the time during the installation of a software program to read all the way through the user license agreement before clicking on the "I agree" button? And on a smartphone screen? If the answer was "recently," Joe Santilli would like to meet you.

An experienced entrepreneur and developer, Santilli is among those who have been closely following the introduction of the Application Privacy, Protection and Security (APPS) Act of 2013 by Congressman Hank Johnson, which would mandate greater transparency around the way developers collect, use and store personal information about their customers. Among other things, the APPS Act would require developers to ensure apps have "consented terms and conditions, reasonable data security of collected data, and users with control to cease data collection by opting out of the service or deleting the user's personal data to the greatest extent possible."


According to Aleecia McDonald, director of privacy at the Center for Internet and Society at Stanford Law School, the APPS Act is fairly well-tailored to many of the concerns raised by consumer protection groups. But she said that some questions around enforcement and penalties remain.


How to be proactive about the APPS Act

Though she estimated developers would have about a year to comply with the APPS Act if it passes, Aleecia McDonald offered four suggestions for developers to mull in the meantime:

1. Develop a good privacy policy. It's age-old advice but it remains critical, she said, even for developers who don't have a legal team. Plenty of templates and tools from the likes of PrivacyChoice and TrustE can help with this, she added.

2. Figure out a recording mechanism for consent. A new telecom act in the Netherlands requires consent be given any time someone uses technology that relies on unique identifiers, like a website cookie. "Even if you have a single customer in the Netherlands, you need to be compliant with this," she said. "This is a big deal for a lot of companies."

3. Ensure data security on the back end. If something goes haywire with an app, you won't just lose customers--you may have to shell out big bucks to inform them of a breach. "Data breach notification is really costly," she said, noting it could require sending a physical letter to everyone affected by a hacker. "This could wipe out all your profits."

4. Create a deletion process. This isn't necessarily enshrined in many laws today, but developers should think about some kind of "eraser" button that would allow consumers to remove their personal details at any time. This is different than opting out or uninstalling an app.