Rep. Johnson Introduces Mobile App, Data Broker Privacy Bills

King & Spalding
Contact

Representative Hank Johnson (D-GA) introduced two bills on February 10 targeting digital information privacy. The first, the “Application Privacy, Protection, and Security Act of 2016” (H.R. 4517) (the “Apps Act”), would establish minimum requirements for mobile applications’ privacy and security practices. The second, the “Data Broker Accountability and Transparency Act of 2016” (H.R. 4516) (the “Data Act”), would give consumers the right to review and correct information associated with them that is held by commercial data aggregators. Both bills would authorize new rulemaking by the Federal Trade Commission (“FTC”). While neither bill is likely to become law in the current Congress, a major new data breach or similar event could rally support for their ideas.

The Apps Act would require mobile app developers to disclose their privacy policies and permit users who cease using the app to request that the developer not only cease to collect new information from the user, but also stop sharing and (if practicable) delete any personal information already collected. Moreover, developers would be required to take “reasonable and appropriate measures” to safeguard the data they collect from users. The Apps Act authorizes the FTC to enforce these requirements under its existing unfair and deceptive trade practices authority codified in Section 5 of the FTC Act and permits state enforcement actions as well. Interestingly, the Apps Act provides a safe harbor as to all of its obligations for developers who adopt and comply with privacy policies approved by the FTC.

The Data Act requires that covered data brokers take practical steps to ensure the accuracy of the data they collect and prohibits obtaining or disclosing information under false pretenses. As with the Apps Act, the Data Act would permit individuals to review and correct this stored information and to indicate their preference not to have their identifying information shared for marketing purposes. The Data Act further requires that covered brokers take steps to permit audits of any access to or sharing of this data. The bill would also permit the FTC to release new rules regarding specific exceptions and procedures for the individual access it mandates.

The Data Act applies to “covered data brokers,” defined as any commercial entity that collects personal information from individuals other than its employees or customers in order to provide it to third parties, except as the FTC may exclude by future rulemaking. As such, the Data Act puts significant authority into the hands of the FTC to determine the practical scope of these new requirements. In the FTC’s own 2014 report on data brokers, it noted that American consumers were often unaware of the extent, or even the existence, of this industry. The exact contours of any exceptions promulgated by the FTC will be very important to those to whom third-party data is an important asset.

Both bills have now been referred to the House Energy and Commerce Committee. Although the Apps Act has attracted early bipartisan support, and the Data Act joins a companion bill introduced in the Senate last year (S. 668), neither is likely to be enacted in the waning months of the 114th Congress. However, individuals’ privacy on mobile devices and cloud services is an increasingly salient issue among the public. If another significant data breach takes place, whether this year or later, these bills could be well-placed to influence the shape of any new legislation that ultimately results.

Reporter, Daniel Ray, Silicon Valley, +1 650 422 6715, dray@kslaw.com.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding
Contact
more
less

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.