October 11, 2012

Markey Statement on GAO Report on Mobile Device Location Data

Lawmaker introduced Mobile Device Privacy Act to require companies to disclose capability to monitor telephone usage, require express consent prior to monitoring

WASHINGTON, D.C. – Congressman Edward J. Markey (D-Mass.), co-Chair of the Bi-Partisan Congressional Privacy Caucus and senior member of the Energy and Commerce Committee, today released the following statement after the Government Accountability Office (GAO) released the new report “MOBILE DEVICE LOCATION DATA: Additional Federal Actions Could Help Protect Consumer Privacy” that calls for development of industry codes of conduct and issuance of guidance on mobile companies’ appropriate actions to protect location data privacy.

“In the 21st century, a mobile phone isn’t just capturing who we call and what we say, it is also transmitting where we are. I welcome the GAO’s recommendation of strong federal rules for mobile phone companies to help protect customers from having their locations shared with third parties without their knowledge or consent. I introduced H.R. 6377, the Mobile Device Privacy Act, to ensure greater transparency in the transmission of consumers’ personal information and empower consumers if they want to say no to such transmission. I look forward to working with my congressional colleagues to address this important consumer protection issue and pass this legislation.”

Rep. Markey’s “Mobile Device Privacy Act” protects consumers by requiring:

Disclosure of mobile telephone monitoring when a consumer buys a mobile phone; after sale, if the carrier, manufacturer, or operating system later installs monitoring software; and if a consumer downloads an app and that app contains monitoring software.
The disclosure includes the fact that the monitoring software has been installed on the phone, the types of information that are collected, the identity of the parties to which the information is transmitted, and how such information will be used.
Consumer consent before monitoring software begins collecting and transmitting information.
The party receiving the personal information must have policies in place to secure the information.
Agreements on information transmission must be filed at the Federal Trade Commission (FTC) and Federal Communications Commission (FCC).
An enforcement regime for the FTC and FCC, along with state Attorney General enforcement and a private right of action.

###