Two mobile-location privacy bills have been simultaneously introduced in Congress. Both are intended to regulate when location on mobile devices can be accessed and provide penalties for failure to obtain proper consent or authorization.
The first of the two bills is from Democratic Senators Al Franken and Richard Blumenthal and would require Google, Apple, app developers and others to gain consent before accessing user location information. The Hill reports that the US Justice Department would be the enforcing agency for any compliance failures.
Would Require Consent to Grab Location
According to the publication, “The bill would require firms to get customers’ expressed consent before collecting location data from their smartphones or mobile devices. Any firm that obtains location data from more than 5,000 mobile devices must take reasonable steps to protect and delete that data if requested by the customer.”
Last month Franken, in his capacity as chair of the Senate Judiciary Privacy subpanel, called Apple and Google to testify at hearings, following the “locationgate” scandal in which it was discovered that Apple and Google devices were tracking user movements without clearly obtaining consent (though Google claimed that it was getting that consent).
The second bill, from Senator Ron Wyden and Representative Jason Chaffetz, is self-consciously called the “Geolocation Privacy and Surveillance (GPS) Act.” It broadly seeks to regulate how and when “geolocation information can be accessed and used,” especially where law enforcement activities and subsequent court proceedings are involved.
The GPS Act has similar though broader objectives than the Franken-Blumenthal bill. It seeks to provide “clarity for government agencies, commercial service providers, and the public regarding the legal procedures and protections that apply to electronic devices that can be used to track the movements of individual Americans.”
The Cops Will Need a Warrant
The GPS Act requires probable cause and a warrant before the government and law enforcement can obtain access to user location via mobile devices. It parallels existing wiretapping laws and creates criminal penalties for “surreptitiously using an electronic device to track a person’s movements that parallel those for wiretapping.”
If I were thus to stalk someone using a mobile device I would be subject to criminal penalties. The GPS Act would also prevent commercial entities from sharing location information about individuals without their consent.
The “industry” isn’t going to like the imposition of rules and restrictions around how location can be used. Devices need to pass user location data to multiple third parties for ad serving and local content in many cases. That will all be made more cumbersome by explicit consent procedures. It’s very much the cousin of the behavioral targeting/privacy regulations debate going on around online display advertising.
However some sort of framework that regulates law enforcement access to mobile-location data, and prohibits secret tracking and stalking by private parties, is valuable and necessary as location becomes an increasingly critical and ubiquitous part of the mobile user experience.