Franken Pushes to Restrict Tracking Apps, Wary of Stalking, Other Harms
Sen. Al Franken, D-Minn., restarted the push for his updated location data privacy bill with a Wednesday Senate Subcommittee on Privacy, Technology and the Law hearing. Chairman Franken resurfaced his bill in March (http://1.usa.gov/1mGA1sv), nearly three years after it was introduced (CD June 16/11 p11). While Department of Justice and FTC officials expressed strong support for the bill at the hearing, Sen. Jeff Flake, R-Ariz., echoed industry concerns that the bill would hinder positive uses of geolocation data without properly addressing actual harm.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
"A whole new industry has grown up around tracking the movements of people,” said Franken. “Most of this is totally legal.” The Location Privacy Protection Act (S-2171) would make it illegal to market and sell mobile tracking apps, mandate opt-in consent for companies wanting to collect location data, and task DOJ with enforcing both criminal and civil violations of the law (http://1.usa.gov/1pRQhaB).
"I've already taken into account many of the industry concerns that I heard when we debated this bill last Congress,” Franken said. “I've capped liability, I've made compliance easier. But if folks still have issues with the bill, then I want to address them.” During his opening statement, Flake introduced letters from the National Retail Federation and Interactive Advertising Bureau, expressing hesitations about the bill. “I want to make sure we don’t hamper the development of new products and technologies,” Flake said.
In recent years, Franken has been outspoken on data collection privacy issues -- from smartphone fingerprint technology to in-car navigation systems to facial recognition technology to government metadata collection -- pressuring companies, the FTC and Congress to implement stricter standards. His 2012 Location Privacy Protection Act was voted out of the Senate Judiciary Committee that December, but never reached a floor vote (http://1.usa.gov/Kvw6zQ). Franken reintroduced the bill this year, shortly after releasing the results of an almost three-year-long study into the data sharing practices of car companies and in-car communications and navigation systems (CD Jan 8 p11).
Mobile-tracking apps were the main focus at Wednesday’s hearing. DOJ Principal Deputy Director-Office on Violence Against Women Bea Hanson said tracking apps can be used for stalking individuals, frequently women. “Stalking behavior tends to escalate over time,” she said, leading to physical and sexual abuse, even homicide. Hanson and Franken pointed to a National Network to End Domestic Violence 2012 study that found 72 percent of victim service programs nationwide reported seeing stalking victims who had been tracked through apps or stand-alone GPS devices. But most GPS stalking data is outdated, Franken said; his bill would require DOJ to update its seven-year-old estimates.
Witnesses and lawmakers disagreed over exactly what legal restrictions on commercial entities might ameliorate such harms. The bill conflates two “unrelated issues,” said Information Technology and Innovation Foundation President Robert Atkinson: Third-party collection of location data, and individual use of location data to perpetuate harm. “There is little evidence of any actual harms arising from the commercial use of geolocation data,” Atkinson said. The “stiff penalties” in the bill -- up to $2 million in fines -- “will make many risk-averse companies, particularly small companies and startups, avoid using geo-location data in their mobile apps and other devices,” he said. Digital Advertising Association Executive Director Lou Mastria said notice and opt-in consent was already required for mobile apps under DAA’s mobile app code of conduct.
FTC Bureau of Consumer Protection Director Jessica Rich pushed back against the effectiveness of self-regulation. FTC staff reports, surveys and enforcement actions -- against popular apps like Snapchat and Brightest Flashlight Free -- show “this opt-in standard is not being complied with on a regular basis,” she said. Mark Goldstein, director of GAO’s physical infrastructure issues, agreed. GAO reports showed “there is no comprehensive approach” to these issues in the private sector, he said. The recent NTIA-backed mobile transparency industry code of conduct talks hadn’t helped matters, Goldstein said. “This effort lacked specific goals, milestones, and performance measures, making it unclear whether the effort would address location privacy."
Rich urged Franken to give the FTC jurisdiction to enforce the civil side of his bill, leaving just the criminal side to DOJ. Franken acknowledged the request, but made Rich “pledge,” in the meantime, to “use all of your existing tools to investigate and shut down these apps.” Rich replied: “Yes, I will, within my powers.”