Yesterday’s Senate Judiciary Subcommittee on Privacy, Technology, and Law hearing on “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy.” was followed intensely by privacy advocates.
The subcommittee, chaired by Senator Franken, heard testimony from Jessica Rich of the Federal Trade Commission, as well as fromJason Weinstein of the DOJ, Guy “Bud” Tribble of Apple, Alan Davidson of Google, Justin Brookman of CDT, researcher Ashkan Soltani, and Jonathan Zuck of the Association for Competitive Technology. Their prepared statements are available online.
Senator Franken did an excellent job of setting the tone for the hearing as one intended to inform and educate and he posed the kind of John Q. Public questions that privacy advocates have long stressed – i.e., consumers do not know or understand what is really happening with their location information. And one of the things they do not know is that federal laws such as ECPA generally do not protect the privacy of data provided to applications. Although there may be state laws providing such protection, unless an application has a stated privacy policy that explains under what conditions your data may be shared, there is no federal law that prevents application developers from just turning over your data without a warrant or even a subpoena.
By the end of the hearing, Senator Franken was still cordial and nonpartisan in tone, but it was clear that he did not think enough was being done to protect users’ privacy and I expect him to introduce legislation in the future to address some of the concerns he raised. As a case in point, neither Apple nor Google would commit to requiring app developers to provide a written privacy policy. Apple took the position that a privacy policy is not as helpful as greater transparency and notice at the point when the user might activate a feature. Apple continues to be in the hot seat as the FTC considers action against them for collecting location data from iPhone users, which Apple insists was an unintended mistake and that it does not track user locations.
Also of note, while the FTC was urging collection and retention of less data, the DOJ continues to argue for greater collection and retention of data.
Nicole Friess of InformationLawGroup has a recap of the hearing, here. Jeremy Herb of the Star Tribune provides some of the quotes from the hearing.