Rep. Ed Markey (D-Mass.) introduced a mobile privacy bill that would require disclosure of the use of monitoring software on mobile devices; consent to the collection of information, including a user's location, that is collected using monitoring software; and information security policies and procedures to safeguard collected data.

Disclosures

The proposed Mobile Device Privacy Act would authorize the FTC to promulgate regulations that would require certain entities to make clear disclosures about the use of monitoring software with the capacity to monitor the use of a mobile device or the location of the user and to transmit the information to another device or system.

The disclosure requirements would apply to sellers of mobile devices that have monitoring software installed on the device, certain providers of commercial mobile or data services, manufacturers of mobile devices or mobile operating systems that install monitoring software on a device after it is sold to a consumer, and operators of websites where consumers can download monitoring software for mobile devices. These entities would be required to make the following disclosures:

  • The fact that monitoring software is installed on the mobile device, or the fact that the software the consumer is downloading is monitoring software;
  • The types of information the monitoring software is capable of collecting and transmitting;
  • The identity of any person who receives such information;
  • How such information will be used; and
  • Procedures for consumers who have consented to such collection and transmission to opt out of future collection and transmission.

Express Consent

Those subject to the disclosure requirements would be required to obtain the express consent of consumers prior to any data collection by monitoring software and to provide consumers who have consented to the collection and transmission an opportunity to opt out of future collection and transmission.

Information Security

The Act would also authorize the FTC to require anyone who directly or indirectly receives information transmitted from monitoring software that is subject to the disclosures to establish and implement policies and procedures for safeguarding that information.

Filing Copies of Agreements

Anyone who directly or indirectly receives information from monitoring software that is subject to the disclosures and who does not have an agreement with the consumer must file with the FTC or the FCC a copy of the agreement that permits the receipt of this information.

Enforcement

The Mobile Device Privacy Act would be enforced by the FTC, FCC, and state Attorneys General. The bill also permits a private right of action whereby consumers could be compensated up to $3,000 per violation if those violations are deemed willful or knowing.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.