WASHINGTON—Every time you use an app on you iPhone, the app is collecting data on you– that’s lots and lots of data. And experts say those bytes of information detailing your life, may not be needed to operate the application.
Initially, developers likely didn’t consider what information was needed to run the app,said Alan Butler, senior counsel at the Electronic Privacy Information Center. Instead, they built their programs to collect all of the data they could possibly need.
But that is the wrong approach, Butler said.
Beyond the type of information collected, app developers need to determine how long the information will be stored and how will it be kept secure, he said. The more data that is collected and stored, the great the threat for data breaches, Butler said.
So what data is being collected? Well, it depends on the company.
Some companies, like cell phone providers, automatically collect consumer information such as called numbers, times of calls, locations and cellular data usage.
Cell phone companies are limited in acting on automatically collected data. Companies can choose to archive and never use information or discard it after a certain amount of time said Paul Rosenzweig, author of Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World.
With all of the information collected in addition to how frequently users bring their phones with them, Rosenzweig said, “your cellphone is you.”
Rosenzweig likened the process to something called the mosaic theory. According to the theory a collection of small data points can create a picture more representative than each piece of information individually.
Smartphones play into this mosaic by contributing to the information available about a user, especially one who chooses to use social media.Rosenzweig said a comprehensive image can be created of any individual, in part by just interacting with some of iPhone’s applications.
With data collection comes increased responsibility
The relationship that an iPhone user has with the company’s application is a business one.“Sharing is something we do in kindergarten,” Butler said. But when a user gives information access to apps such as Snapchat, they are doing so under the assumption that their data is going to be used properly.
But when it’s not, what then?
Ensuring companies are using data for the right reasons is not an easy task, Butler said. That’s why EPIC supports a strong consumer bill of rights, guaranteeing consumers online protections, he added.
President Barack Obama has supported such legislation since 2012, but none of his efforts have made it out of Congress.
The administration’s 2015 proposal is scaled back in comparison to its 2012 approach, EPIC said in a March statement. Not only does the proposal lack adequate consumer protections but may also burden businesses, EPIC said.
EPIC has a code of fair information practices, which is rooted in five principles–no personal record-keeping systems can be kept private, a person must be able to find out information recorded about them, prevent it from being used incorrectly, amend incorrect information and organizations with collected data must protect against its misuse. EPIC suggests crafting better legislation that aligns with its code.