The Senate Commerce Committee “will hold a May hearing on consumer privacy on mobile phones, Chairman Jay Rockefeller (D-W.Va.) announced Thursday,” according to The Hill.
The announcement follows the discovery that iPhones track and store information about users’ whereabouts, a discovery Apple says it will fix through a software update.
Rockefeller called this incident "just the latest in a string of concerns raised in the mobile marketplace." He said the mobile marketplace "collects and uses a wide range of personal information — often with inadequate or untimely disclosure."
Senator Al Franken (D-MN), who chairs the Judiciary Subcommittee on Privacy, Technology and the Law, announced today “that he will be holding the subcommittee’s first hearing, titled Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy,” according to a press release from his office.
It will take place on Tuesday, May 10 at 10:00 a.m. (D.C. time).
Sen. Franken has invited representatives from Apple and Google. Confirmed witnesses include officials from the Department of Justice and the Federal Trade Commission; Ashkan Soltani, independent privacy researcher and consultant; and Justin Brookman, Director of the Center for Democracy and Technology’s Project on Consumer Privacy.
“Recent advances in mobile technology have allowed Americans to stay connected like never before and put an astonishing number of resources at our fingertips,” said Sen. Franken. “But the same technology that has given us smartphones, tablets, and cell phones has also allowed these devices to gather extremely sensitive information about users, including detailed records of their daily movements and location. This hearing is the first step in making certain that federal laws protecting consumers’ privacy-particularly when it comes to mobile devices-keep pace with advances in technology.”
Senators John Kerry (D-MA) and John McCain (R-AZ) introduced legislation today “that would establish a ‘privacy bill of rights’ to protect people from the increasingly invasive commercial data-collection industry,” according to the Wall Street Journal.
The bill, known as the Commercial Privacy Bill of Rights Act of 2011, would require companies to seek permission before sharing “sensitive” data with outsiders. It would also give people the right to see data collected about them or to stop their data from being shared.
The bipartisan proposal would create the nation’s first comprehensive privacy law. Current laws cover only the user of certain types of personal data such as financial and medical information. The measure largely adopts recommendations made last year by the Obama Administration.
According to a press release, these privacy rights include:
- The right to security and accountability: Collectors of information must implement security measures to protect the information they collect and maintain.
- The right to notice, consent, access, and correction of information: Collectors of information must provide clear notice to individuals on the collection practices and the purpose for such collection. Additionally, the collector must provide the ability for an individual to opt-out of any information collection that is unauthorized by the Act and provide affirmative consent (opt-in) for the collection of sensitive personally identifiable information. Respecting companies existing relationships with customers and the ability to develop a relationship with a potential customers, the bill would require robust and clear notice to an individual of his or her ability to opt-out of the collection of information for the purpose of transferring it to third parties for behavioral advertising. It would also require collectors to provide individuals either the ability to access and correct their information, or to request cessation of its use and distribution.
- The right to data minimization, constraints on distribution, and data integrity: Collectors of information would be required to collect only as much information as necessary to process or enforce a transaction or deliver a service, but allow for the collection and use of information for research and development to improve the transaction or service and retain it for only a reasonable period of time. Collectors must bind third parties by contract to ensure that any individual information transferred to the third party by the collector will only be used or maintained in accordance with the bill’s requirements. The bill requires the collector to attempt to establish and maintain reasonable procedures to ensure that information is accurate.
Some other elements of this legislation:
- Enforcement: The bill would direct State Attorneys General and the Federal Trade Commission (FTC) to enforce the bill’s provisions, but not allow simultaneous enforcement by both a State Attorney General and the FTC. Additionally, the bill would prevent private rights of action.
- Voluntary Safe Harbor Programs: The bill allows the FTC to approve nongovernmental organizations to oversee safe harbor programs that would be voluntary for participants to join, but would have to achieve protections as rigorous or more so as those enumerated in the bill. The incentive for enrolling in a safe harbor program is that a participant could design or customize procedures for compliance and the ability to be exempt from some requirements of the bill.
- Role of Department of Commerce: The Act directs the Department of Commerce to convene stakeholders for the development of applications for safe harbor programs to be submitted to the FTC. It would also have a research component for privacy enhancement as well as improved information sharing.