Senators: New smartphone tracking law needed

The U.S. Congress needs to pass new laws to protect smartphone customers from having their locations tracked by operating systems and applications, members of a Senate subcommittee said Thursday.

Democratic Senators John "Jay" Rockefeller of West Virginia and John Kerry of Massachusetts called on Congress to pass an Internet privacy bill focused on giving consumers control over their location data on smartphones and their personal data on the Internet. Smartphone apps are "totally unregulated" in terms of privacy protections, Rockefeller said during a hearing of the consumer protection subcommittee of the Senate Commerce, Science and Transportation Committee.

New rules protecting privacy on smartphones and on the Internet will create stronger consumer confidence in those industries, Kerry said during the hearing, in which lawmakers grilled representatives of Apple, Google and Facebook about their privacy practices. Thursday's hearing was the second in the Senate since it was reported that Apple and Google were tracking location information on smartphones without user permission.

"I believe that companies collecting people's information -- whether you're a tech titan or not -- ought to comply with just a basic code of conduct," Kerry said. "We need to establish what we as a society, in a country that has always valued privacy, believe is the basic, proper treatment of information."

Kerry and Rockefeller have both introduced online privacy bills in recent weeks. Kerry's bill would require Web-based businesses that collect consumer information to give clear notice about the data collection and allow consumers to opt out, while Rockefeller's bill would require online companies to honor consumer requests to opt out of tracking.

While Kerry and Rockefeller called for lawmakers to move forward on privacy legislation, the U.S. Federal Trade Commission has "a number" of open investigations targeting mobile-phone privacy practices, said David Vladeck, director of the FTC's Bureau of Consumer Protection. The FTC doesn't name the companies it is investigating, but in the past, the agency has brought complaints alleging unfair and deceptive business practices by companies that violate their own privacy policies.

However, many mobile app makers don't have privacy policies, giving the FTC little authority to take action, Vladeck told the subcommittee. "In the absence of a privacy policy, it makes things difficult for us," he said.

Some senators and witness Morgan Reed questioned the need for new regulations. Heavy-handed regulation could slow the growth of the smartphone apps market, made up largely of small businesses, said Reed, executive director of the Association for Competitive Technology (ACT), a tech trade group.

ACT has a working group to develop privacy guidelines for app developers, Reed said. "Most mobile apps collect no information, and therefore, aren't technically required to have a policy," he said. "But we feel they should, not because of regulation, but because the most valuable asset they have is their trust from their customers."

Asked by Senator Amy Klobuchar, a Minnesota Democrat, if self-regulation by the mobile industry on privacy issues was enough to protect consumers, Reed said he disagreed with Vladeck that the FTC has no authority in the area. Even without a privacy policy in place, the FTC could pursue a complaint of unfair business practices against a company that puts personal data to bad use, he said.

Representatives of Apple and Google defended their privacy practices, saying they do not collect and retain personal data without customer permission. Google is looking into whether it should require its app providers to have privacy policies, said Alan Davidson, the company's director of public policy for the Americas.

But Amy Guggenheim Shenkan, president and CEO of child advocacy group Common Sense Media, questioned if tech companies are doing enough to protect privacy. "It's so jarring to hear their can't-do attitude when it comes to inventing technological solutions to protect kids," she said. "We get half-measures after the fact, and then they only offer partial solutions. They can do better."

Guggenheim Shenkan called on Congress to require that Internet and mobile-phone companies get permission before tracking consumers. The standard should be "private by default and public by effort," she said. "Today, it's the other way around."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

FREE Computerworld Insider Guide: Five IT certifications that won’t break you
Join the discussion
Be the first to comment on this article. Our Commenting Policies