On June 28, 2011, the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC) held a joint forum-attended by representatives from telecommunications carriers, technology companies, consumer advocacy groups and academia-to discuss issues related to mobile privacy.  The forum specifically addressed privacy protections for the geolocation information of users of location-based services (LBSs), such as mobile applications that make use of users' geolocation information, and whether legislation or regulation is needed to ensure the privacy of users' location information.  This forum is part of the continuing uptick in legislative and regulatory interest in privacy matters, which has included reports issued in late 2010 by the FTC and the Department of Commerce and several privacy-related bills in Congress, including two recent bills addressing geolocation privacy specifically.

Conflicting Views Aired

Joint forum participants generally agreed that that customers benefit from LBSs.  Consumer advocate participants, however, expressed concern about potential other uses of location data, including the retention, transfer and sale of such information.  The Center for Democracy and Technology voiced support for comprehensive privacy legislation that would establish baseline privacy rights and requirements applicable to user information, including geolocation data.  Most telecommunications carriers and technology companies, on the other hand, disfavored additional regulation or legislation, arguing that companies had marketplace incentives to be extremely careful about user privacy, and that, given the early stage of the LBS industry, the government likely lacks the information needed to create requirements that would meaningfully protect user privacy without stifling innovation and growth in the LBS space.

While it is unclear what future requirements may result from the ongoing focus on privacy matters, businesses should take positive steps to ensure that they collect, use and handle user information appropriately.  For example, the privacy policies that govern a company's web and mobile offerings should completely and accurately reflect that company's real-world collection and use of data.  Businesses should take great care to avoid collecting personal information from children and remember that marketing to mobile devices often requires opt-in consent.  Companies also should ensure that they provide adequate security for the user data they collect.