Markey Circulates Draft Mobile Privacy Act, With FTC Data Security Regs, Private Action

The Telecommunications Law Resource Center is the most comprehensive reference and news platform for communications law, covering broadcasting, cable, broadband, telephony and wireless;...

By Amy E. Bivins  

The Federal Trade Commission would be charged with promulgating regulations requiring entities that sell mobile telephones directly to consumers or provide mobile and mobile broadband services to clearly and conspicuously disclose their use of monitoring software and to securely store any collected data under a draft mobile privacy bill circulated by Rep. Edward J. Markey (D-Mass.) Jan. 30.

The proposal responds to a December announcement that mobile software company Carrier IQ installed programs on millions of smart phones and mobile devices that could monitor users' activities and relay that information back to Carrier IQ without subscribers' knowledge. Markey has called on the FTC to investigate the company for potentially unfair or deceptive trade practices. Many putative class action lawsuits have also been filed.

A bill pending in the Senate (S. 1223), sponsored by Sen. Al Franken (D. Minn.), would require mobile device service providers to get customers' express consent before collecting their geolocation data or sharing collected data with third parties.

Notice, Consent, Data Security.

The proposal would apply to persons in the business of selling mobile phones directly to consumers and providers of commercial mobile service or mobile broadband service to disclose the existence or installation of monitoring software on those devices. But it appears to reach significantly more broadly than that. It also would cover: “a person who operates a website or other online service from which a consumer downloads monitoring software for installation on a mobile telephone[.]”

The proposal defines monitoring software as having the capability to automatically monitor the usage of a mobile telephone or the location of the user and to transmit the information collected to another device or system, whether or not such capability is the primary function of the software.

The bill would require the FTC to promulgate regulations requiring clear and conspicuous notices to consumers and express consent prior to the time when the monitoring software first begins collecting and transmitting information. The FTC would also be charged with creating data security requirements for that data. Covered entities would be required to file those notices with the FTC and Federal Communications Commission.

The proposal would be enforceable under Section 5, and also by the FCC and state attorneys general. The proposal also includes a private right of action for injunctive relief, actual damages, or statutory damages of $1,000 for each violation.

Full text of the discussion draft is available at http://markey.house.gov/bill/mobile-device-privacy-act.