Digital threats are constantly evolving, and the safety of our personal information has never been more critical. Small business developers work tirelessly to protect personal data using platform-provided tools like encryption, user authentication, operating system-level privacy controls, and app store vetting processes. However, privacy and security shouldn’t stop there. Developers need Congress’s help to keep users’ information safe—not only by rejecting proposals that would weaken critical digital privacy infrastructure but also by passing a national data privacy law that includes the “four Ps of privacy.”
How Developers Keep You Safe
Small business developers rely on platform-level controls and technical protection measures to ensure the safety and security of user data. In many cases, small app companies rely on the encryption and authentication protections built into the messaging services with which their apps interoperate and the operating systems on which their apps run. Encryption safeguards information by making it unreadable to unauthorized users, while user authentication ensures that only verified individuals can access sensitive data. App store vetting and dispute resolution mechanisms help developers fend off intellectual property theft and malicious data manipulation apps, that often pose as legitimate apps like those our members make, quickly and effectively.
These safeguards are crucial in building and maintaining consumer trust, which is especially important for smaller companies. When users feel confident that their data is secure, they are more likely to engage with and support businesses with names they may not recognize. Trust is the foundation upon which small developers can innovate and grow, but developers need the help of policymakers to create the most effective environment to protect their users’ information.
How Congress Can Help
Legislation plays a pivotal role in shaping the digital landscape, and laws, rules, and regulations should not inadvertently harm the groups they aim to protect. Provisions in bills like the American Innovation and Choice Online Act (AICOA) and the Kids Online Safety Act (KOSA) could reduce the ability of platforms to enforce robust security measures, making the data privacy environment worse for developers, consumers, and the app economy at large.
Just as concerning, the absence of a federal privacy law not only exacerbates the potential negative effects of these bills but also creates a patchwork of state regulations, leading to inconsistencies and gaps in data protection. Without a federal privacy law in place, developers lack a consistent framework for data protection, amplifying the new security risks AICOA and KOSA would introduce. This would make it harder to maintain robust security measures across all 50 states and leave both developers and users more vulnerable to data breaches and misuse. Balancing innovation and regulation is key to ensuring that developers can continue to protect their users while fostering a secure and thriving digital economy.
DON’T: Pass Bills That Would Weaken Privacy and Security
It is crucial to avoid passing legislation like AICOA and KOSA, which could significantly harm the app economy for both developers and users. These bills would affect privacy and security in different ways but raise similar concerns. They would undermine developers’ efforts to maintain a secure digital environment, ultimately putting user data at greater risk.
American Innovation and Choice Online Act: AICOA would dismantle critical security measures by eliminating, among other things, central app store management functions and platform-level controls consumers currently rely on to protect their privacy and security on their mobile devices. At the same time, AICOA would mandate that sensitive personal information, including data about kids, be available to all developers in order to serve competition interests. This would disregard consumer preferences for privacy and introduce two serious risks to users’ privacy and security.
Kids Online Safety Act: KOSA, meanwhile, would mandate sweeping additional collection of sensitive personal information on all users of covered platforms, which introduces new privacy and security risks to users. KOSA would also mandate that parents be allowed to view and change privacy and account settings, opening up potential new attack vectors for bad actors posing as parents. Additionally, KOSA’s broad requirements to prevent and mitigate harm to minors, including “predatory, unfair, or deceptive marketing practices,” would impose privacy-related liabilities that clash with KOSA’s own data collection and age verification mandates.
DO: Pass Federal Privacy Legislation
Tech entrepreneurs, like our members, are not only at the forefront of ensuring data privacy, but they’re also experts in promoting the responsible use of data for their customers and securing personal data against unauthorized access. Their deep understanding of the critical need for a national privacy framework is the driving force behind advocating for the enactment of a national privacy law that fosters a secure, transparent, and innovative digital landscape.
Central to the success of a data privacy law are the “four Ps of privacy”: Preemption, Protection Against Unauthorized Access, Path to Compliance, and strict limits on any Private Right of Action. These four principles are pivotal for establishing a unified privacy standard that simplifies compliance for businesses, particularly small enterprises, and bolsters consumer trust and existing security measures. We hope to see Congress incorporate the “four Ps” as they draft and amend data privacy legislation.
Moving Forward
Privacy and security are not just buzzwords—they are essential to maintaining trust in our digital ecosystem. Congress must reject harmful regulations that weaken platform-provided tools that consumers rely on to protect themselves on their smart devices and instead pass a comprehensive federal privacy law that incorporates the “four Ps of privacy.” This approach will provide clarity for small businesses and robust protection for consumer data, ensuring a secure digital future for all. Just as developers keep you safe by utilizing vital tools and processes, it’s now Congress’s turn to protect the developers who safeguard our data.