NTIA to convenes first privacy multistakeholder process – Lawrence Strickling, Department of Commerce Assistant Secretary for Communications and Information and NTIA Administrator, announced that NTIA will convene its first privacy multistakeholder process on July 12, 2012 in Washington, DC. A summary of the meeting may be found here.
Dot Com Disclosures Guidelines – On May 30th, the FTC held its public workshop on updates to the Dot Com Disclosures Guidelines, “In Short: Advertising & Privacy Disclosures in a Digital World.” See a summary of the full day of panels.
Privacy and Security of Information on Mobile Devices Public Comment Period – On May 25, the FCC released a Notice for Public Comment to the docket for the 2007 CPNI Order, Privacy and Security of Information on Mobile Devices. Specifically, the notice seeks comment on numerous questions regarding carrier and third party access to information collected and stored on mobile devices. Review IAB’s comments here.
Location-Based Services Report – On May 25, the FCC released a report, “Location-Based Services: An Overview of Opportunities and Other Considerations.” An excerpt from the report’s Executive Summary is available below:
Not surprisingly, Americans are quickly adopting LBS. As of May 2011, 28 percent of adult Americans used mobile LBS of some type.1 LBS are expected to deliver $700 billion in value to consumers and business users over the next decade.
The promise of LBS, however, comes with challenges and concerns. Because mobile devices have the ability—and often the technical requirement—to regularly transmit their location to a network, they also enable the creation of a precise record of a user’s locations over time. This can result in the creation of a very accurate and highly personal user profile, which raises questions of how, when and by whom this information can and should be used.
In light of these developments, the staff of the Federal Communications Commission (the “FCC” or “Commission”) has prepared this report on LBS. As discussed in greater detail below, drawing upon its experience in protecting consumer privacy, Commission staff believes:
- LBS have tremendous potential to provide value and foster innovation to benefit the economy and consumers;
- LBS industry players face challenges as they attempt to provide consumers with appropriate notice and choice with respect to the use of the data generated by LBS and the devices and networks that host them;
- Industry is taking steps to respond to these challenges but the degree of responsiveness varies among companies and industry segments; and
- New issues continue to emerge that need to be addressed, timely and responsively.
Consequently, in collaboration with federal partners and industry representatives, Commission staff will continue to monitor industry compliance with applicable statutory requirements and evolving industry best practices to ensure LBS evolves to meet its fullest potential while protecting the legitimate interests of consumers in safeguarding their personally identifiable information.
FTC COPPA Proposed Rulemaking
On Friday, December 23, IAB filed comments with the Federal Trade Commission in response to its Notice of a Proposed Rulemaking (NPRM) to update the Children’s Online Privacy Protection Act (COPPA). In its NPRM, the FTC sought to extend COPPA to online advertising, and define persistent identifiers such as an IP address or geolocation data as “personal information.” IAB argued the extension of COPPA’s rule to online advertising exceeded the scope of the FTC’s statutory authority, and is unnecessary in light of the current successful DAA Self-regulatory program. Furthermore, IAB argued extension of persistent identifiers to “personal information” is outside the scope of the Rule’s directive that an identifier is “personal information” if it “permits the physical or online contact of a specific individual.” In particular, IAB stressed that geo-location information on its own, is insufficient to identify a specific individual or allow personal or direct contact. The FTC received more than 350 comments to its proposed rule. IAB will update the Mobile Center and maintain communication with key FTC staff as the rulemaking process continues to develop.
Senate Appropriations Privacy Directive – The Senate Financial Services Appropriations Subcommittee marked up an appropriations bill and reported with the FTC/FCC directive below. The Full Committee marked up the bill this morning and we are in the process of gathering all amendments and language. The Committee notes the important role that the FCC plays in creating an environment that fosters technological innovation but also protects consumer privacy. Review the letter from the IAB outlining our concerns and asking that the privacy directive be removed.
Rep. Markey (D-MA) Releases Mobile Device Privacy Act Discussion Draft
On January 30, Congressman Ed Markey (D-MA) released a legislative discussion draft, The Mobile Device Privacy Act. The proposed legislation is an outgrowth of recent media coverage on practices by CarrierIQ and handset/mobile phone usage tracking software, and would require covered companies to disclose when their smartphones have monitoring software installed.
- That disclosure requirement would apply to multiple entities, including the sellers of a smartphone, telecom companies servicing the contract, and the creators of the particular device's operating system.
- Covered companies would have to disclose not only that monitoring software is installed, but also the kind of data it collects, with whom it is shared, and how it will be used.
- The disclosure requirement would extend to applications downloaded by consumers.
- The bill would require agreements for transmission of data to third parties to be filed at the FTC and FCC; and, charge the FTC and FCC (via APA Rulemaking Authority) with enforcement by setting up an opt-in consent regime and ensuring that companies receiving the data are securing it properly. Covered companies would also be subject to enforcement by state Attorneys General, and liable under a private right of action.
- The bill defines “monitoring software” broadly: software that has the capability automatically to monitor the usage of a mobile telephone or the location of the user and to transmit the information collected to another device or system, whether or not such capability is the primary function of the software or the purpose for which the software is marketed.
While we do not anticipate action on this legislation once introduced, IAB will monitor closely and ensure key congressional offices are aware of the industry’s concerns. View the draft legislation here.
SCOTUS Privacy Ruling – Geo-location and Digital Due Process
On January 23, the United States Supreme Court unanimously ruled in United States v. Jones that, attaching a GPS device to a vehicle and then using the device to monitor the vehicle’s movements constitutes a search under the Fourth Amendment. This landmark ruling provides traction to the policy debate on Capitol Hill regarding the legal standard law enforcement must meet when tracking a suspect by mobile phone geo-location and the compliance standards for companies holding this data. Hearings are widely anticipated in both the House and Senate Judiciary Committees, and will include debate over how to reform the more than 20 years-old, Electronic Communications Privacy Act, and narrower legislative proposals such as the GPS Act, sponsored by Congressman Jason Chaffetz (R-UT) and Senator Ron Wyden (D-OR).
On Thursday, May 17, the House Judiciary Crime, Terrorism, and Homeland Security Subcommittee held a legislative hearing on H.R. 2168, the Geolocational Privacy Surveillance Act (“GPS Act”). The GPS Act is intended to extend due process privacy protections to U.S. Citizens not resolved by the Supreme Court in Jones earlier this year. You will recall, the Supreme Court narrowly ruled police and state or federal agents may not attach a physical device to geo-track an individual without due process protections.
The GPS Act amends the federal criminal code to prohibit intentionally: (1) intercepting geolocation information pertaining to another person; (2) disclosing to any other person such information pertaining to another, knowing that the information was obtained in violation of this Act; (3) using geolocation information, knowing that the information was obtained in violation of this Act; or (4) disclosing to any other person the geolocation information pertaining to another person intercepted by means authorized under this Act, knowing that the information was obtained in connection with a criminal investigation, having obtained or received information in connection with a criminal investigation, with intent to improperly obstruct, impede, or interfere with a duly authorized criminal investigation. The bill sets penalties for violations.
The bill makes specified exceptions for interceptions involving: (1) information acquired by a provider of covered services (electronic communication service, remote computing service, or geolocation information service) in the normal course of business; (2) federal officers, employees, or agents conducting foreign intelligence surveillance; (3) persons having given prior consent; (4) public information; (5) emergency information; (6) theft; and (7) a warrant.
This bill is problematic in two veins, such that information acquired in the normal course of business is not sufficiently written to cover our member companies, and the bill requires consent for the acquisition of geolocation data. Commentary: This section incorporates a commercial privacy provision within a criminal law enforcement bill and is arguably subject to joint jurisdiction by the Energy and Commerce Committee.
We are working with the bill sponsor, Representative Jason Chaffetz (R-UT), to refine the bill language, as well as other committee members’ offices for amendments in the event the bill goes to a mark-up. IAB will continue to update the Mobile Policy Working Group as the process develops.
Spectrum allocation and mobile broadband infrastructure should be high on mobile marketers’ policy priorities because of the impact wireless broadband infrastructure will have on the future of the mobile advertising marketplace. Consumer mobile data demand will only further stretch current network capacity, and possibly leave little room for innovative marketing solutions, such as video and rich media.
On February 24, 2012, President Obama signed into law the Middle Class Tax Relief and Job Creation Act. The law extends certain employee and payroll benefits, and pays for it in part, by granting the Federal Communications Commission (“FCC”) authority to conduct an auction for spectrum licenses. These licenses include the use of various blocks of spectrum, including the 470-512 MHz band (T-Band Spectrum) and a number of blocks of federally owned spectrum, including 15 MHz of contiguous federal spectrum at a location to be determined between 1675 and 1710 MHz.
What is unique from past spectrum auctions however, is the FCC’s new authority to identify and auction off portions of the broadcast television bands – the so-called, voluntary dual-auction system. The FCC has recently initiated a committee of economic experts to analyze how a voluntary dual-auction system will work, and it is expected to take several years before the spectrum auctions are finalized and brought to market. In the interim, the FCC is working with the wireless industry to identify new technologies and means for efficient use of currently licensed bands, as well as sharing partnerships between the private sector and the government on federally licensed spectrum bands.
Furthermore, the White House is working with the wireless industry in the wake of an NTIA report announcing 500 megahertz of federal spectrum that may be repurposed for wireless broadband use. White House Deputy Chief of Technology, Tom Power, is leading the effort, and spoke at CTIA Wireless International show 2012 about the challenges ahead, noting this is a 10-year program of which they are only in the second year.