The amount and types of personal information available on mobile devices, combined with the unique privacy concerns raised by mobile technology, has resulted in mobile privacy emerging as one of the key privacy topics of the year. Numerous agencies and organizations—both public and private—have issued guidance for best practices regarding mobile privacy, including the Federal Trade Commission (FTC), the California Attorney General and many private trade associations. Many states have also introduced bills related to mobile privacy.
The FTC recently issued a report titled “Mobile Privacy Disclosures: Building Trust Though Transparency,” which describes its best practice recommendations for mobile privacy. In the report, the FTC seeks to apply to the mobile environment principles from the privacy framework identified in its March 2012 privacy report, such as privacy by design, simplified choice and transparency. The FTC identifies specific guidelines for various participants in the mobile environment, including platform providers, application developers, third-party service providers and trade associations. The recommendations encourage companies to consider privacy from the outset (rather than as an afterthought) and include using just-in-time notices, providing clear privacy policies and obtaining express affirmative consent for the collection and sharing of certain data categories.
Other states have also begun proposing legislation related to mobile privacy. Some courts had previously ruled that police do not need a warrant from a judge in order to obtain mobile phone location data (such as GPS information) and that they only needed to show that the data contained “specific and articulable facts” related to an investigation, which is a lesser standard than probable cause. In response, Delaware, Maryland, Texas and Oklahoma have each proposed laws that would require police to obtain a warrant for location data. (California had previously passed such a law, but its governor vetoed it.) In addition, the proposed legislation in Texas would also require mobile carriers to issue an annual transparency report to the public, reporting how often they receive demands from law enforcement for mobile device-related data and how much information the mobile carriers disclose.
Private Trade Associations
While the majority of the recent mobile privacy developments have been in the form of best practice recommendations, rather than binding law, these recommendations are likely a sign of things to come. The recommendations may evolve into standards, and companies that fail to heed them may become subject to investigations and enforcement actions in the future.