Congress is considering landmark data privacy legislation
Federal agencies are putting both carriers and data brokers on notice that they are looking more closely at companies’ use and sale of consumer data—particularly location data from mobile devices.
Such data is often “anonymized” and meant to be used for targeted advertising. But patterns of behavior and location can make people easily identifiable even if their names are not directly provided, particularly in small or rural communities. Both regulators and lawmakers are increasingly concerned about ability of third parties, from individuals to law enforcement, to purchase massive amounts of such data and how it might be the basis of anything from criminal investigation to stalking and harassment.
The Federal Communications Commission recently announced a new investigation into how mobile network operators use subscribers’ geolocation data and has added the ability for consumers to file privacy-related concerns or complaints.
Earlier this week, meanwhile, the Federal Trade Commission announced that it is suing data broken Kochava for “selling geolocation data from hundreds of millions of mobile devices that can be used to trace the movements of individuals to and from sensitive locations” such as abortion clinics, rehab centers, domestic violence shelters “Idaho-based Kochava purchases vast troves of location information derived from hundreds of millions of mobile devices,” the FTC said in a release. “The information is packaged into customized data feeds that match unique mobile device identification numbers with timestamped latitude and longitude locations. According to Kochava, these data feeds can be used to assist clients in advertising and analyzing foot traffic at their stores and other locations. People are often unaware that their location data is being purchased and shared by Kochava and have no control over its sale or use.”
In addition, the Associated Press published a new investigation today about the Fog Reveal data subscription service, which tracks users by their unique advertising identification numbers using information (including location) drawn from “thousands” of mobile applications and provides that information to law enforcement agencies without the need for a warrant, at a cost of less than $10,000 a year. Such information includes the ability to see, for instance, which mobile devices were near the scene of a crime, or to use location information to establish “patterns of life” for potential suspects, according to the AP’s investigation—but privacy advocates argue that such services cross the line into violating Constitutional protections against unreasonable searches.
Congress, meanwhile, is considering a new law that would impose more restraints on the use of such data. The American Data Privacy and Protection Act has bipartisan support but has yet to gather enough backing to land on President Joe Biden’s desk. The International Association of Privacy Professionals said in July that the advancement of the bill out of committee marks the “first time a comprehensive privacy bill will be made available for a full chamber vote in either the House or the Senate.” A group of roughly four dozen civil rights, privacy, and consumer organizations sent a letter to House Speaker Nancy Pelosi earlier this week in support of the bill and its “data minimization provisions that limit data collection, use, and sharing, and that impose heightened restrictions on sensitive data such as browsing history, location data, health information and biometric data.”
“The ADPPA is a bipartisan, compromise bill that, while not perfect, represents a reasonable compromise on both sides to finally bring consumers privacy protections they’ve long wanted, including strong civil rights protections, privacy protections that are the responsibility of companies, and more,” opined the Center for Democracy and Technology, one of the organizations which signed on to the letter.
