“Consumer Privacy and Protection in the Mobile Marketplace” Hearing
The U.S. Senate Committee on Commerce, Science, and Transportation held yesterday a subcommittee hearing about “Consumer Privacy and Protection in the Mobile Marketplace.”
Chairman John D. (Jay) Rockefeller (D-WV) noted in his opening statement that “[t]he issue of mobile online privacy is an issue that affects nearly every American—young and old.”
Mr. David Vladeck, Director of the bureau of consumer protection of the Federal Trade Commission, remarked in his written testimony that “a single mobile device can facilitate data collection and sharing among many entities, including wireless providers, mobile operating system providers, handset manufacturers, app developers, analytics companies, and advertisers” (Vladeck testimony p. 11).
Do Not Track
A January 2010 FTC roundtable panel focused on the privacy implications of mobile technology. The FTC Staff Report, published in December 2010, proposed a new privacy framework which also applies to mobile technology. The Staff Report asked whether the implementation of a “Do Not Track” mechanism should “be extended beyond online behavioral advertising and include (…) behavioral advertising for mobile applications” (Staff Report p.98). Mr. Vladeck noted that the “FTC staff is currently examining the technology involved in a Do Not Track mechanism for mobile apps” (Vladeck testimony p. 18). Chairman Rockefeller introduced last week a bill, S.913, the Do-Not-Track Online Act of 2011, which would direct the FTC to establish standards by which consumers can inform online companies, including mobile applications, that they do not want their information collected.
Testimonies from Major Industry Players
Apple, Google and Facebook, representing the major players in the online mobile marketplace industry were invited to testify.
Mr. Bret Taylor, Chief Technology Officer of Facebook testified that Facebook users may also access the site via mobile devices, whether on the Internet or using an application. Facebook Platform, launched in 2007, allows third-parties to develop applications. Facebook also introduced Facebook Places last year, which allows users to share their real time location using their mobile devices, and “[w]ith an individual’s express permission, third-party developers can access location data” (Taylor testimony p. 12). Mr. Taylor pointed out that, in June 2010, Facebook “became the first provider to require developers to obtain “granular data permissions” before accessing individuals’ information” and that Facebook also offers its users a way to opt out entirely of the Platform and thus prevent their information from being shared with applications or websites (Taylor testimony p. 13).
Ms. Catherine A. Novelli , Vice President of Worldwide Government Affairs for Apple, explained how iPhone customers can turn off all location-based service capabilities of their mobile device, and pointed out that “Apple requires express customer consent when any application requests location based information for the first time” (Novelli Testimony p. 4). Ms. Novelli also explained the Apple “crowd-sourced database.” This secure database contains information about “known locations of cell towers and Wi-Fi access points – also referred to as Wi-Fi hotspots ” (Novelli Testimony p. 5). However, the database “does not reveal personal information about any customer” (Novelli Testimony p. 6).
Mr. Alan Davidson, Google’s Director of Public Policy testified that “[l]ocation-based services provide tremendous consumer benefit” (Davidson Testimony p. 1), and that “[m]obile location data can even save lives” (Davidson Testimony p. 3). Google’s Android phone features opt-in location controls, and Google “[does not] collect any location information — any at all — through [its] location services on Android devices unless the user specifically chooses to share this information with Google”(Davidson Testimony p. 5).
The FTC is currently reviewing the COPPA Rule, and is asking for comment on whether the Rule should be changed because of technological changes in the online environment, including the broad usage of mobile phones by teenagers. Indeed, Chairman Rockefeller noted that seventy five percent of teenagers own a cell phone. Ms. Novelli pointed out that Apple developed parental controls allowing parents to set restriction on the use of Mac products, and that, “on Apple’s iOS mobile devices, parents can use the Restrictions settings to prevent their children from accessing specific device features, including Location Services” (Novelli Testimony p. 2).
The general public is becoming more aware that smart mobile devices and applications may be able to track them, following an article published by the Wall Street Journal last month revealing that both iPhones and Androids regularly transmit their locations to Apple and Google, respectively. Twitter, which can be used on mobile devices, announced on Tuesday that it now gives its users more control over which information they wish to share with third party applications. The Federal Communication Commission has announced a public forum on smart phone location tracking systems. We mentioned earlier this week on this blog that the European Union is also concerned about this issue. We can probably expect more legislative and industry initiatives in the near future.