FTC Testifies on Protecting Consumers' Privacy on Mobile Devices

The Federal Trade Commission today told Congress that “the Commission is committed to protecting consumers’ privacy in the mobile sphere” by bringing enforcement actions where appropriate and “by working with industry and consumer groups to develop workable solutions that protect consumers while allowing innovation in this growing marketplace.”

In Commission testimony before the Senate Judiciary Committee Subcommittee for Privacy, Technology and the Law, Jessica Rich, Deputy Director in the FTC’s Bureau of Consumer Protection said the FTC has been examining mobile and wireless issues since 2000, when the agency hosted a workshop on emerging wireless Internet and data technologies and the privacy, security, and consumer protection issues they raise. The FTC also hosted a technology forum in 2006 that featured mobile issues, two Town Halls to explore the use of radio frequency identification technology and its integration into mobile devices, and a forum in 2008 examining consumer protection issues in the mobile sphere.

In addition, the FTC has taken law enforcement actions against companies that fail to protect the privacy and security of consumer information. The testimony highlighted four recent cases that illustrate how the FTC’s authority applies to the mobile arena.

The FTC’s case against Google alleges that the company deceived consumers by using information collected from Gmail users to generate and populate a new social network, Google Buzz, without users’ consent. As part of the proposed settlement order, Google must protect the privacy of all of its customers – including mobile users.

In an FTC case against social networking service Twitter, the FTC charged that serious lapses in the company’s data security allowed hackers to obtain access to private “tweets” and non- public data, and hijack user accounts, including then-President-elect Obama’s account, the testimony states.

In August 2010, the FTC charged Reverb Communications, Inc., a public relations agency hired to promote video games, with deceptively endorsing mobile gaming applications in the iTunes store. And earlier this year, the FTC filed a complaint alleging that a spammer named Philip Flora used 32 pre-paid cell phones to send over 5 million unsolicited text messages – almost a million a week – to the mobile phones of U.S. consumers. The Commission charged that Flora violated the law by sending unsolicited text messages, the testimony states.

The Commission has “a number of active investigations into privacy issues associated with mobile devices, including children’s privacy,” the testimony notes.

According to the testimony the “rapid growth of mobile technologies has led to the development of many new business models involving mobile services.” The innovations offer benefits to both businesses and consumers. “On the other hand, they facilitate unprecedented levels of data collection, which are often invisible to consumers.”

In 2009 and 2010, the Commission held a series of three roundtables “to examine how changes in the marketplace have affected consumer privacy and whether current privacy laws and frameworks have kept pace with these changes,” the testimony states.

The data that emerged from those roundtable discussions formed the basis of a preliminary staff report which has recommended:

• that companies should adopt a ‘privacy by design’ approach by building privacy protections into their everyday business practices, such as not collecting or retaining more data than they need to provide a requested service or transaction;
• that privacy options offered to consumers should be simplified and easily accessible on small screens such as those on smartphones; and
• steps companies should take to make their data collection and sharing practices more transparent to consumers.

The FTC staff is now reviewing more than 450 comments received in response to the preliminary report, according to the testimony, including many that address mobile device privacy issues. The comments received will inform the final staff report, which will be released later this year.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. “Like” the FTC on Facebook and “follow” us on Twitter.