Application Privacy, Protection and Security Act of 2013



This bill requires applications to obtain consent from users before collecting personal information, and requires developers to delete personal data upon request.

The language about securing information from a security breach is vague; “reasonable and appropriate” could be better defined, with code review and certification for best practices for encrypting personal data.

I’m concerned that if this bill isn’t coupled with having the freedom to modify and have access to the source code of software, this could lead to no better privacy than before, as users could be coerced into consenting, which is mostly already the situation. There would be very few options as an alternative with provider “lock-in”, and no means to escape. Furthermore, there would be no means to be able to verify how information is being used if there isn’t a way to inspect source code.

