Parties that submitted comments and replies in response to a Federal Communications Commission (FCC) Public Notice on the privacy and security of information stored on mobile devices are deeply divided over whether the agency should pursue further action in the area. The FCC proceeding follows up on a recent report from the agency on Location-Based Services, issued earlier this year. It also references last year’s Carrier IQ news headlines and notes that much has changed in the wireless industry during the last five years (the last time that the FCC sought comment on these issues).
In their comments, public interest groups and privacy advocates generally called for the FCC to ramp up its efforts to protect consumer privacy and data security, with some seeking new mobile regulations focused on wireless carrier activity. The Electronic Privacy Information Center, for example, suggested that the FCC require carriers to implement “comprehensive privacy and security protections based on Fair Information Practices” and “give consumers a range of choices about the collection and retention of consumer data before or at the time of collection.” The New America Foundation’s Open Technology Institute added that last year’s Carrier IQ events “make it clear that [industry] efforts, if they are occurring, are inadequate to give consumers knowledge and control to ensure that their data is being protected.”
Wireless carriers and other industry commenters, on the other hand, encouraged the FCC to defer to current self-regulatory efforts, as well as the ongoing NTIA multistakeholder process. They also pointed out the FCC’s limited jurisdiction in this area and its inability to address comprehensively problems involving a wide range of parties in the mobile wireless ecosystem. But public interest groups responded that the FCC is the agency best suited to regulate customer proprietary network information (CPNI) and has explicit statutory authority to address CPNI issues. Those groups also noted that the NTIA effort could be a lengthy endeavor.
The Future of Privacy Forum, which has actively worked to focus attention on the data collection issues raised by mobile apps and other mobile services, encouraged the FCC to work with stakeholders and help educate consumers and app developers about the importance of protecting personal information.
The Federal Trade Commission also commented in the proceeding, detailing its privacy experience and noting that it “look[ed] forward to working with the FCC to ensure that [they] avoid duplicative actions in areas where . . . jurisdictions may be overlapping.”
Most observers believe that the FCC is unlikely to move forward on these issues in the near future, although some think it could be heading towards a set of proposed rules to update its legacy CPNI framework.