FTC and DOJ Speak Out at Mobile Privacy Hearing

By TAP Staff Blogger

Posted on May 20, 2011


On May 10th, Senator Al Franken, chair of the newly-formed Senate Judiciary Subcommittee on Privacy, Technology and the Law, held the committee’s inaugural hearing, focused on mobile privacy. The hearing opened with commentary from Sen. Franken, who made clear he believes “consumers have a fundamental right to know what data is being collected and to decide with whom and when it is shared.” He named domestic violence as one real-life scenario in which GPS or location-based data from smartphones can put people at risk, citing a 2006 Department of Justice (DOJ) report that states each year over 26,000 adults were stalked using GPS devices on phones.  Franken concluded by noting that while consumer protections are important, the answer to the privacy question is not to end location-based services, but to find a balance between the benefits and the right to privacy.

The following is a summary of the testimony from Jessica Rich of the Federal Trade Commission (FTC) and Jason Weinstein from the Department of Justice (DOJ). Click here to read a summary of the testimony from Google, Apple, the Center for Democracy and Technology, and others.

Rich stated privacy oversight authority belongs to the FTC, citing the commission’s leadership in holding both Google and Twitter accountable for previous privacy violations. She also stated that misuse of data can have real consequences for users, including not just stalking but also the ability to track things like a person’s political or religious affiliations.

While the FTC has no formal position on the issue, Rich said three key protections should be applied: Companies should consider privacy in the development stage for products and services, rather than after the product has been released into the marketplace; the presentation of privacy choices must be streamlined and easy for consumers, especially on mobile devices; and privacy choices and information should be transparent so that consumers can not only understand what information is being gathered but can also access the data companies have on them. The FTC is slated to provide further details to the committee on which of these protections require additional authority or legislation.

Meanwhile, Weinstein emphasized the irony of data disclosure, stating that while providers have no legal standard regarding data security or restrictions prohibiting them from sharing information about users to third parties, they are not permitted to share information with the government—significantly hampering criminal investigation efforts.

From the Department of Justice’s perspective, Weinstein named several additional areas requiring statutory clarity to facilitate their ability to protect the privacy of individuals:


  • Further fixes to U.S.C. 1030 to strengthen penalties and deterrents to ensure more significant consequences for cybercrime.

  • Amendments to the existing cyber stalking statute, which currently requires the victim and defendant be in different states.

  • Establishment of a reasonable period of time to require data retention.

  • Establishment of a federal legal requirement regarding data breach reporting.

  • Enable DOJ to access data allowing them to trace activity/data back to a specific IP address.

  • While there are currently significant legal restrictions on companies sharing data with the government (but not with third parties), Congress should consider how to provide better balance.

Weinstein later stated that two additional needs of law enforcement are prompt victim reporting, and the opportunity to delay notification to accused parties.

Both the FTC and DOJ concluded by acknowledging the average American is significantly underinformed regarding what information is gathered and how it is used.  “Consumers have no idea of the layers of sharing that go on behind the scenes,” Rich remarked. “Location data and their device ID can flow to service providers, advertisers and other third parties.”