FCC Votes to Apply Privacy Rules To Data Collected on Wireless Devices

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

The Federal Communications Commission voted June 27 to require wireless carriers to adhere to the agency's Customer Proprietary Network Information (CPNI) rules, which historically have governed only how traditional telephone companies and providers of internet-based phone services treat their customers' personal data.

Under a declaratory ruling, when a wireless carrier collects a customer's personal information, such as a number dialed, the length of a call, and the location of where a call is placed or received, that company may use or disclose it only as permitted by the commission's CPNI rules.

The ruling also makes it clear that carriers must take “reasonable precautions” to prevent unauthorized disclosure of such information, including by third-party marketers.

What is more, when a wireless carrier collects such information about customers' use of their devices using pre-installed applications, the ruling requires them to protect that information.

Though significant, the ruling only applies to wireless carriers, not operating systems run by companies such as Google Inc. or Apple Inc., a point each commissioner underscored in their statements.

An FCC official told BNA June 5 on background that the FCC would soon vote on the issue (12 PVLR 1006, 6/10/13).

Lone GOP Commissioner Concurs in Part

The lone Republican FCC Commissioner, Ajit Pai, voted to approve in part and concur in part.

He said he did not agree with every legal theory presented by FCC staff in the declaratory ruling, particularly that Section 222(c)(1) of the Communications Act makes a wireless carrier responsible for CPNI data that it has neither received nor obtained.

He did, however, agree that there is no “mobile device exception” to either Section 222 or the CPNI rules.

“If information is covered by the statutory definition of CPNI set forth in section 222(h)(1), then it is CPNI, regardless of whether it is located on a mobile device,” Pai said.

He also supported the ruling's “limited scope,” noting that it only applies to information that is both collected by or at the direction of the carrier and may be accessed or controlled by the carrier or its designee.

“If a carrier is not responsible for the collection of certain data, then it may not be held responsible for protecting that data. Likewise, if a carrier doesn't have access to or control over information, then it is not obligated to safeguard it,” he said.

A Call for Simplicity

Meanwhile, Democratic Commissioner Jessica Rosenworcel said she hoped the agency will be proactive in helping consumers understand how data are collected on mobile phones.

Consumers should not have to be “network engineers or lawyers,” she said. “We should strive to simplify privacy policies across all platforms.”

Win for Chairwoman

The vote was a win for acting FCC Chairwoman Mignon Clyburn, who assumed the top FCC job on an interim basis when Julius Genachowski stepped down May 17 (12 PVLR 781, 5/6/13).

Clyburn has been a longtime proponent of wireless consumer protection.

In recent filings with the commission, wireless carriers had urged the FCC to encourage voluntary, industry-driven guidelines, rather than mandatory rules.

The declaratory ruling is available at http://transition.fcc.gov/Daily_Releases/Daily_Business/2013/db0627/FCC-13-89A1.pdf.

Pai's statement is available at http://transition.fcc.gov/Daily_Releases/Daily_Business/2013/db0627/FCC-13-89A4.pdf.

Rosenworcel's statement is available at http://transition.fcc.gov/Daily_Releases/Daily_Business/2013/db0627/FCC-13-89A3.pdf.

Clyburn's statement is available at http://transition.fcc.gov/Daily_Releases/Daily_Business/2013/db0627/FCC-13-89A2.pdf.