Google, Apple, and Privacy Thought Leaders Discuss Privacy and Mobile Devices at Recent Hearing

By TAP Staff Blogger

Posted on May 20, 2011

On May 10th, Senator Al Franken, chair of the newly-formed Senate Judiciary Subcommittee on Privacy, Technology and the Law, held the committee’s inaugural hearing, focused on mobile privacy. The hearing opened with commentary from Sen. Franken, who made clear he believes “consumers have a fundamental right to know what data is being collected and to decide with whom and when it is shared.” He named domestic violence as one real-life scenario in which GPS or location-based data from smartphones can put people at risk, citing a 2006 Department of Justice (DOJ) report that states each year over 26,000 adults were stalked using GPS devices on phones.  Franken concluded by noting that while consumer protections are important, the answer to the privacy question is not to end location-based services, but to find a balance between the benefits and the right to privacy.

The following is a summary of the testimony from Justin Brookman, Center for Democracy and Technology; Alan Davidson, Google Inc.; Ashkan Soltani, Independent Researcher and Consultant; Guy L. "Bud" Tribble, Apple Inc.; and Jonathan Zuck, Association for Competitive Technology. Click here to read a summary of the testimony from the Federal Trade Commission and the Department of Justice.

The second panel of the May 10th hearing opened with testimony from Ashkan Soltani, who emphasized the ease and ability of wireless carriers, location service providers and content providers to see users’ location data. According to Soltani, because many third-party smartphone applications (“apps”) transmit location information or unique identifiers such as phone number, access to text messages, etc., consumers need increased transparency, clear definitions and meaningful choice and opt-outs regarding data collection and sharing.

Brookman echoed Soltani’s sentiments, noting while apps access a far broader range of personal information than websites, controls on mobile devices are weaker than those available to users on the web. Brookman followed by suggesting that because there is no comprehensive privacy law, the bar for companies is still very low and that many of them do not even have official statements regarding privacy to avoid data collection constraints and culpability.

The companies in question followed by emphasizing the efficacy of their existing privacy standards. Apple noted it has a single privacy policy for all of its products, it does not share data for marketing purposes without consumer consent and continues to enact measures to strengthen its practices, citing the company’s plan to encrypt its location data cache with the next IOS update for the iPhone. Google cited its work with the Digital Due Process Coalition as an example of its leadership in the privacy arena, and the Association for Competitive Technology encouraged legislators to consider the value brought by small businesses through the app/mobile marketplace, and suggested Congress broaden its view beyond simply location data to the “tons” of user data stored by corporations that far surpass the mobile arena.

When asked point-blank by Franken if they would be willing to commit to requiring apps to have a privacy policy, Google replied that its model is already permission based. Apple, for its part, stated third-party apps are currently required to provide clear and complete notice to users, and suggested the need to go beyond a written policy to make privacy an integral part of the user interface through things such as icons in order to make information sharing clear to users.

The committee then asked about how the companies enforce their existing privacy/disclosure requirements. Google noted that while its Android devices tell users when they install an app what data/information the app will access, there is no enforcement process. Apple followed, stating it examines apps for its iPhone and iPad devices before they are posted to iTunes. Once in the store, Apple performs random audits for compliance and will investigate violations, forcing the app to be removed from the store if needed. Most apps, Apple indicated, typically correct the error during the investigation process.

Some, including Google and the Center for Democracy and Technology, echoed the need for greater consumer education expressed by the first panel. Companies, Brookman stated, should be able to say what they’re doing with user data--which can include sensitive personal information on things like health, location, sexuality, etc.--give choices, and get rid of data when it is no longer needed.