Nihar Shah has a nice recap of the recent GAO report:
The Government Accountability Office (“GAO”) released a study in September, 2012 analyzing the collection, use and disclosure practices of fourteen companies operating in the mobile field regarding location data collected from consumers. In the absence of laws or regulations regarding the collection of location data specifically, the GAO compared the policies of the fourteen companies to best practices regarding the collection and use of personal information generally, aggregated from federal agencies such as the Federal Trade Commission (“FTC”) and Federal Communications Commission (“FCC”) and from self-regulatory bodies such as the CTIA – The Wireless Association. The study found that the companies’ practices included several departures from established best practices. The agency also determined that inconsistencies in what the policies say companies will do with location data and what the companies actually do with that data are exposing consumers to serious privacy risks.
Read more on InfoLawGroup.