The Federal Trade Commission (FTC) is asking Congress to make it the chief rule maker and enforcer of policies for the collection and sharing of geolocation information, according to testimony this week.
Jessica Rich, Director of the FTC Bureau of Consumer Protection, told the Senate Judiciary Committee’s Subcommittee for Privacy, Technology that the Commission would like to see changes to the wording of the Location Privacy Protection Act of 2014 (LPPA), draft legislation designed to spell out consumer protections pertaining to the location data. Rich said that the FTC, as the U.S. Government’s leading privacy enforcement agency, should be given rule making and enforcement authority for the civil provisions of the LPPA. The current draft of the law instead gives that authority to the Department of Justice (DOJ).
The LPPA legislation (PDF) was proposed in March by Sen. Al Franken, and co-sponsored by Senators Coons (D-DE) and Warren (D-MA). It proposes updating the Electronic Communications Privacy Act to take into account the widespread and availability and commercial use of geolocation information provided. LPPA requires that companies get individuals’ permission before collecting location data off of smartphones, tablets, or in-car navigation devices, and before sharing it with others. It would prevent what Franken refers to as “GPS stalking,” preventing companies from collecting location data in secret. LPPA also requires companies to reveal the kinds of data they collect and how they share and use it, bans the development, operation, and sale of GPS stalking apps and requires the federal government to collect data on GPS stalking and facilitate reporting of GPS stalking by the public.
FTC says that the LPPA dovetails with its own efforts to protect consumers. Rich told the Senate Subcommittee that the law supports the FTC’s own reading of the term “geolocation information” and would codify FTC actions such as requesting customer consent before location data is collected and requiring transparency when companies are collecting location information.
Allowing the FTC to take the lead on civil enforcement of LPPA provisions would be consistent with the Commission’s current role as the lead agency pursuing violations of consumer protections among makers of mobile devices and applications. The company has taken a number of actions in recent months to address what it considers dodgy business practices. Among other things, the FTC has settled complaints against Goldenshores Technologies, the maker of a popular Android mobile flashlight application over charges that the company used deceptive advertising to collect location and device information from Android owners. It also settled with a Utah firm that makes IZON wi-fi enabled home surveillance cameras for shipping products that proved easy to hack into and tamper with.