In the wake of questions about software developed by CarrierIQ, Congressman Ed Markey (D-MA) has prepared a draft “Mobile Device Privacy Act.” As drafted, the legislation would task the Federal Trade Commission (“FTC”) with setting a host of regulations on “monitoring software” for mobile phones.
The bill defines “monitoring software” broadly, as software that “has the capability automatically to monitor the usage of a mobile telephone or the location of the user and to transmit the information collected to another device or system, whether or not such capability is the primary function of the software or the purpose for which the software is marketed.” The bill would apply even if the software is not activated or used. However, information transmitted from a phone to that phone’s commercial mobile or mobile broadband service provider would be excluded.
Within one year, the FTC would be required to promulgate regulations requiring clear and conspicuous disclosures to consumers about “monitoring software” installed on mobile phones. These disclosures would be provided at the time of device sale, service sale, or software installation, and would be provided by phone vendors, service providers, phone manufacturers, operating system providers, or website and online service operators as appropriate.
The FTC would also promulgate regulations requiring such companies (1) to obtain consumers’ prior express consent to any data collection or transmission by such software; (2) to establish an information security program for any data received from such software; and (3) to file, with both the FTC and Federal Communications Commission (“FCC”), a copy of any contract for sharing data from such software between companies.
The bill would create a private right of action allowing plaintiffs to seek up to $1,000 in statutory damages for each violation, or treble damages for willful or knowing violations. The new requirements could also be enforced by state authorities, the FTC, and the FCC.