Rep. Ed Markey (D-Mass.) introduced a mobile privacy bill that would require disclosure of the use
of monitoring software on mobile devices; consent to the collection
of information, including a user's location, that is collected
using monitoring software; and information security policies and
procedures to safeguard collected data.
The proposed Mobile Device Privacy Act would authorize the FTC
to promulgate regulations that would require certain entities to
make clear disclosures about the use of monitoring software with
the capacity to monitor the use of a mobile device or the location
of the user and to transmit the information to another device or
The disclosure requirements would apply to sellers of mobile
devices that have monitoring software installed on the device,
certain providers of commercial mobile or data services,
manufacturers of mobile devices or mobile operating systems that
install monitoring software on a device after it is sold to a
consumer, and operators of websites where consumers can download
monitoring software for mobile devices. These entities would be
required to make the following disclosures:
The fact that monitoring software is installed on the mobile
device, or the fact that the software the consumer is downloading
is monitoring software;
The types of information the monitoring software is capable of
collecting and transmitting;
The identity of any person who receives such information;
How such information will be used; and
Procedures for consumers who have consented to such collection
and transmission to opt out of future collection and
Those subject to the disclosure requirements would be required
to obtain the express consent of consumers prior to any data
collection by monitoring software and to provide consumers who have
consented to the collection and transmission an opportunity to opt
out of future collection and transmission.
The Act would also authorize the FTC to require anyone who
directly or indirectly receives information transmitted from
monitoring software that is subject to the disclosures to establish
and implement policies and procedures for safeguarding that
Filing Copies of Agreements
Anyone who directly or indirectly receives information from
monitoring software that is subject to the disclosures and who does
not have an agreement with the consumer must file with the FTC or
the FCC a copy of the agreement that permits the receipt of this
The Mobile Device Privacy Act would be enforced by the FTC, FCC,
and state Attorneys General. The bill also permits a private right
of action whereby consumers could be compensated up to $3,000 per
violation if those violations are deemed willful or knowing.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The 2010 theft of an unencrypted laptop containing confidential health care information made front-page news in 2013, not because a huge number of patients were affected, but for the exact opposite reason.
Any company that collects personal data from consumers should take proactive steps to have appropriate legal counsel review its data security practices, as well as its terms of service or privacy practices, to identify any potential problem areas.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published on its website a series of factsheets designed to educate consumers unfamiliar with their rights under the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security Rules.