Skip to main content

Enter, the APPS Act

Written by Amy Malone

U.S. Rep. Hank Johnson, a Democrat from Georgia, has introduced a mobile privacy bill that if passed will require mobile application developers to maintain privacy policies, obtain consent from consumers before collecting data, and securely maintain the data they collect.

The Application Privacy, Protection and Security Act of 2013, or the “APPS Act,” also requires app developers to establish a data retention policy and allows users to request app developers to stop collecting their data and delete any stored information about the user.  App developers are charged with taking “reasonable and appropriate” measures to prevent unauthorized access to personally indefinable and de-identified information collected by the app.

Over the last year, the public was able to express their concerns and suggestions regarding mobile privacy through a web-based project called AppRights started by Rep. Johnson.  In a press release Rep. Johnson said that more than 80% of AppRights participants wanted Congress to protect consumers’ privacy on mobile devices by imposing regulations that require app developers to tell users what information is being collected and how it is being used, to secure user information and to make controls easy to implement on mobile devices.

Under the APPS Act, enforcement will be provided by the Federal Trade Commission and state attorneys general can bring civil actions on behalf of residents to enforce the regulation and obtain damages.  There is also a safe harbor provision that allows app developers to satisfy the requirements of the Act by adopting and following a code of conduct for privacy that is established using a multistakeholder process facilitated by the National Telecommunications and Information Administration.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.