Representative Hank Johnson introduced the Application Privacy, Protection and Security (APPS) Act to Congress on 9 May and although the Marketing Research Association (MRA) appreciated that the act was relatively circumspect with some welcome flexibility in the de-identification process, it still had “serious concerns” with the bill.

In particular, it was worried about the act fully empowering the Federal Trade Commission (FTC) to define what the term ‘personal data’ meant, as the MRA had already seen in a previous act’s amendment debate that the FTC thought this meant that almost any piece of information could be personally identifiable.

In addition the FTC would decide what ‘de-identified data’ meant, despite a continuing debate over de-identification in academic and technological circles.

The MRA said that even the act’s requirement that mobile app transparency notices include a data retention policy could be problematic for survey opinion and marketing research as “the research needs in data retention can be difficult to predict”.

More broadly, the association said it was concerned that moves to introduce statutes or regulations were not giving industry attempts to introduce a workable privacy code of conduct a chance.

Howard Fienberg, director of government affairs at the MRA, said: “While we applaud Representative Johnson for including a specific safe harbour for entities that adhere to such a code – something that the FTC has already flatly rejected during multi-stakeholder process meetings – it is hard to embrace legislation in relation to an unfinished and still somewhat uncertain code.”

He added: “We continue to urge policymakers to patiently await a conclusion and to perhaps even see how the resulting code works or does not work for consumers, before they leap into writing new statutes or regulations.”