This week, Congressman Johnson and the AppRights team discussed the APPS Act with the privacy community on Twitter via #PrivChat.
#PrivChat is a weekly discussion on emerging privacy issues, moderated by Amie Stepanovich, a privacy attorney at the Electronic Privacy Information Center (EPIC), and Shaun Dakin, a data privacy advocate and founder of Dakin & Associates. The discussion included a diverse list of participants, from lawyers and advocates to security experts and other people who are interested in privacy and innovation.
Before the discussion, we proposed several questions to the group based on provisions in the APPS Act. These included:
Q1: The APPS Act only applies to developers who collect personal and de-identified data. Is this a balanced approach to mobile privacy, or should the bill apply more broadly to third-party data collection? (background available at CDT: Shielding the Messengers: Protecting Platforms for Expression and Innovation (pdf))
Q2: Is de-identified data a useful definition, or is all data personal? (background available at Ars Technica: "Anonymized" data really isn't—and here's why not)
Q3: The APPS Act also creates a safe harbor for developers that comply with the NTIA's industry code (forthcoming). Does this approach provide too much leeway? (background available at EPIC: NTIA Privacy Multistakeholder Process)
Q4: The bill would require developers to provide a data-retention policy and create a mechanism for users to signal their intent to opt-out. Is it possible to delete third-party data, or should this provision continue to look to first-party data collection? (background available at Media Post: Did iOS 6 Save Mobile Advertising)
The responses to these questions were lively, particularly over whether distinguishing between classes of data or technology is a useful practice. Garrett Cobarr, a user experience designer, researcher, and strategist, commented that:
Dr. Daniel Barth Jones, an infectious disease epidemiologist, recently published a paper on the re-identification of health data. He commented that although de-identified data was a useful category, the language for the bill could be stronger:
Congressman Johnson also dropped in on Tuesday's discussion to say hello:
You can follow the rest of the conversation by clicking here (the beginning of the conversation is on the bottom of the page).
This is the second time that the AppRights team opened the legislation process to the privacy and tech community through #PrivChat. In August, we asked several questions about mobile privacy. These included questions regarding specific types of data collection, the importance of main principles, and whether legislation should distinguish between children and adults on mobile devices. There, Congressman Johnson took a moment to reach out during his campaign for re-election and introduce himself to the discussion.
We'd like to thank Amie and Shaun for hosting AppRights on #PrivChat and promoting such a thoughtful discussion on mobile privacy. We're also glad Congressman Johnson was able to join the discussion, and follow it throughout. He launched AppRights to make the legislative process as transparent and open as possible, and we look forward to hearing more ideas about how we can tinker with the APPS Act to make it as strong of a bill as possible before introduction.
For more information on the APPS Act, here is a section-by-section and summary of its major provisions. Keep letting us know what you think through our secure form on AppRights.us, or interacting with us on Facebook or Twitter.