TRENDING:

Governance & Risk Management , Privacy

Protecting Consumer Location Privacy

GAO: Consumer Can't Judge if Data Sharing Puts Privacy at Risk Eric Chabrow (GovInfoSecurity) • October 12, 2012    
Protecting Consumer Location Privacy

The U.S. federal government could do more to protect consumers' privacy in dealing with mobile device location data, the Government Accountability Office says in a new report.

See Also: Mastering Data Dilemmas: Navigating Privacy, Localization and Sovereignty

The report - requested by Sen. Al Franken, the Minnesota Democrat who chairs the Senate Judiciary Subcommittee on Privacy, Technology and the Law and published Oct. 11 - points out that mobile industry associations and privacy advocacy groups have proposed voluntary practices to protect consumers' privacy while making use of customers' personal information in these location services. But mobile companies examined by GAO, the investigative arm of Congress, have been inconsistent in implementing these practices.

    See Best Practices Guidelines at End of this Article

"In particular," the GAO says, "the lack of clear disclosures to consumers about how their location data are used and shared means that consumers lack adequate information to provide informed consent about the use of these data. Consumers are therefore unable to adequately judge whether the companies with which their data are shared are putting their privacy at risk."

GAO says a key federal effort to address these privacy risks is the National Telecommunications and Information Administration's planned multi-stakeholder process, which seeks to develop industry codes of conduct. But GAO says NTIA, the Commerce Department unit that advises the president on telecommunications and information policy issues, has yet to set performance goals, milestones or deliverables, meaning it's unclear if this process will address the risks to privacy associated with the use and sharing of mobile location data.

While NTIA recommended that the Federal Trade Commission should be given the authority to enforce any industry codes of conduct that are developed from the multi-stakeholder process; the current process relies on the industry's voluntary compliance with resulting codes of conduct before the FTC could enforce the provisions, according to the congressional investigators.

Story continues after graphic.

Regardless of what results from the multi-stakeholder process, GAO says, the FTC has authority to take action against companies that engage in unfair and deceptive practices. However, the FTC has yet to issue comprehensive industry guidance establishing its views on the appropriate actions that mobile companies should take to protect consumers' mobile location data privacy. "Without clearer expectations for how industry should address location privacy, consumers lack assurance that the aforementioned privacy risks will be sufficiently mitigated," the GAO report says.

GAO recommends that NTIA work with stakeholders to outline specific goals, milestones and performance measures for its process to develop industry codes of conduct and that the FTC consider issuing guidance on mobile companies' appropriate actions to protect location data privacy.

To prepare the report, GAO auditors examined mobile carriers AT&T, Sprint-Nextel, T-Mobile and Verizon; operating system developers Apple, HTC, Motorola, Research in Motion and Samsung; and application developers Facebook Google, Pandora, Angry Birds creator Rovio Entertainment and Yahoo.

In June 2011, Franken introduced the Location Privacy Protection Act, which would prohibit businesses offering services based on location to disclose to non-governmental entities a mobile device users' locations without their consent.

Best Practices



Previous
HIE Collaborative Effort Restructured
Next
Medicare Lags on Breach Notification

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.