On May 25, the FCC released its long-awaited Location-Based Services report, presenting the agency’s findings on the challenges and concerns it faces in regulating mobile services that rely on information about a user’s physical location. The report provides Location Based Services (“LBS”) providers with some guidelines that the FCC would like for the LBS providers to implement through self-regulation. The report makes no promises, but it appears that the FCC has left an opening for LBS providers to stave off regulation.
According to the report, FCC staff will continue to monitor industry practices regarding location-based services, with a focus on the following priorities:
(1) “privacy by design,” or making privacy considerations a part of the development of mobile devices from the very earliest stages;
(2) the security of location-based data, including obligations for third-parties that receive information collected from users by others;
(3) giving consumers adequate notice of what information is collected and how it is used, including how often notice must be given and whether it should be opt-in or opt-out; and
(4) only collecting the minimum amount of location-based data that is actually needed for a given purpose.
The report notes that, if the FCC determines that the mobile industry cannot adequately address these priorities on its own within “reasonable time frames,” it may take additional steps.
While the FCC has authority to regulate carriers’ practices regarding collection and processing of user data under Section 222 of the Communications Act of 1934, it is unclear whether it has similar authority over practices for data stored on mobile devices by third parties such as Application Developers. That’s why, as it released its report, the FCC also requested public comment “regarding the privacy and data security practices of mobile wireless service providers with respect to customer information stored on their users’ mobile communications devices, and the application of existing privacy and security requirements to that information.” The FCC’s move could be seen as a response to the revelation that several mobile carriers had installed software on mobile devices that collected location information and other data about users.
Even if the FCC does not presently have authority to regulate carriers’ practices with regard to data stored on mobile devices, several pieces of pending legislation, including bills proposed by Sen. Al Franken (D-MN) and Rep. Ed Markey (D-MA), would, if passed, give such authority to the FCC and/or FTC. This fall could be a busy one in this policy area, particularly if there is another high-profile incident regarding sharing of location data.