Senate Judiciary Chairman Patrick Leahy (D-Vt.) May 10 said that he hopes to introduce legislation soon to update the Electronic Communications Privacy Act, a 1986 privacy law that limits data-sharing by communications service providers.
The announcement came in remarks prepared for a subcommittee hearing examining reports that popular smartphones--Apple Inc.'s iPhone and Google Inc.'s Android--have been tracking and sharing the location of users.
“The collection, use and storage of location and other sensitive personal information has serious implications regarding the privacy rights and personal safety of American consumers,” Leahy said. “As this committee considers important updates to the ECPA and other federal privacy laws, it is essential that we have full and accurate information about the privacy impact of these new technologies on American consumers and businesses.”
The hearing was the first held by the new Senate Judiciary Subcommittee on Privacy, Technology, and the Law, chaired by Sen. Al Franken (D-Minn.).
At the hearing, Franken said that his goal for the subcommittee is to help members understand the benefits and privacy implications of new technology; to educate the public; and, if necessary, to take legislative action in order to ensure that privacy protections for consumers are keeping pace with technology.
“[W]e have some protections here and there, but we're not even close to protecting all of the information that we need to,” he said. “I believe that consumers have a fundamental right to know what data is being collected about them. I also believe that they have a right to decide whether they want to share that information, and with whom they want to share it and when. And I think we have those rights for all of our personal information.”
Franken noted that both Apple and Google have come under fire in recent weeks because of reports that iPhones and Androids have secretly been keeping track of users' location data. Under current law, the companies are free to disclose location data and other sensitive information to “almost anyone they please,” without the consumer's consent, he said.
Deputy Assistant Attorney General Jason Weinstein told the panel that ECPA places a “great deal” of restriction on a communications service provider's ability to furnish location information to the government, but the law imposes virtually no limitations on data-sharing with other parties.
Jessica Rich, deputy director of the Federal Trade Commission's Bureau of Consumer Protection, said the rapid growth of mobile devices presents opportunities for consumers, but also raises “real privacy concerns.”
Currently, the FTC relies on its authority under the FTC Act, which prohibits unfair or deceptive trade practices, to address mobile privacy issues, Rich said.
“This law applies regardless of whether a company is marketing offline, through your desktop or telephone, or using a mobile device,” she explained.
While the commission's public law enforcement efforts in the mobile arena are still in the early stages, the agency is moving forward quickly and has already brought cases against major industry players, including Twitter, Rich noted. A number of mobile investigations are still in the pipeline, and many of them are expected to be completed in coming months, she added.
Meanwhile, the FTC is also examining mobile issues as part of a larger effort to develop recommendations for strengthening U.S. consumer privacy protections. A preliminary staff report, published in December, called for firms across the business community to build privacy protections into their everyday practices--a so-called privacy-by-design approach.
The report also proposed that firms provide consumers with simpler privacy choices. In addition, it recommended that companies obtain affirmative express consent before collecting or sharing sensitive consumer information, such as “precise geolocation data.”
“Misuse of that kind of data can have real consequences for consumers,” Rich said. “If it falls into the wrong hands, [location data] can be used for stalking ... You can also know what church somebody has gone to, what political meeting they've gone to ... So, that is sensitive data that requires special protection.”
Representatives of Apple and Google assured the subcommittee that the companies are committed to protecting the privacy of consumers.
Guy Tribble, vice president for software technology at Apple, said in his written testimony, for example, that the firm does not share personally identifiable information with third parties for marketing purposes without consent, and third-party application developers are required to agree to specific restrictions. He added that Apple does not track users' locations and has no plans to ever do so, echoing a recent public statement from the company.
Similarly, Alan Davidson, director of Public Policy at Google, said the company does not collect any location information through Android devices unless the user specifically chooses to share such data. However, the company does not control the behavior of third-party applications, including how they handle location information and other user data obtained from the device, even though they are “strongly encouraged” to abide by best practices.
Ashkan Soltani, a privacy researcher and consultant, told the subcommittee that mobile applications currently do not provide consumers with sufficiently detailed notices about how their location and other sensitive information will be collected and used.
“While user consent is typically required before applications are allowed access location information, the purpose may not always be apparent to the user, and the user may have no indication that this information will subsequently be disclosed to third parties,” he said in prepared remarks.
Soltani added that data sharing is not limited to location information. “Applications can access and transmit data which includes text messages, emails, phone numbers, contacts stored, and even browser history stored on the device, as well as any information users knowingly enter in the process of using the app,” he said.
Witness testimony is available at http://judiciary.senate.gov/hearings/hearing.cfm?id=5157.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)