FCC TURNS DOWN CTIA PETITION ON LOCATION PRIVACY RULES
FCC turned down CTIA request to adopt wireless location information privacy rules that would cover notice, consent, security and integrity of consumer data, provoking dissent from Comr. Copps. So-called 911 Act passed by Congress in 1999 imposed clear legal obligations and protections for consumers, said order, adopted July 8 and released Wed. Agency said law was adequate and additional rules weren’t needed for now. “Because we do not wish to artificially constrain the still-developing market for location-based services, we determine that the better course is to vigorously enforce the law as written, without further clarification of the statutory provisions by rule,” order said. Commission said it would monitor those “important issues” and would launch rulemaking “only when the need to do so has been clearly demonstrated.” While Copps said he agreed with majority that legislation clearly outlined “opt- in” requirement to protect consumers, he said he disagreed that “this clarity of purpose renders Commission rules unnecessary.”
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
“This decision can only be characterized as a fumble,” said CTIA Pres. Tom Wheeler. In Nov. 2000, CTIA had requested rulemaking that would address best practices for wireless industry on location-specific information on wireless devices, including opt-in provision to protect subscriber privacy. Petition had asked for technology- neutral rules on collection and use of subscriber location information, such as Enhanced 911 data. Group wanted FCC to implement 1999 law that required commercial mobile services providers to obtain express prior authorization of consumers before using or disclosing data. While CTIA sought rule, several large wireless carriers had cited adequacy of their self-regulatory efforts and Communications Act provisions such as Sec. 220(f), which stipulates that customers be given opportunity to provide express prior authorization before carriers could use, disclose or access call location information. Sec. 222 of Act outlines carriers’ use and disclosure of customer proprietary network information. CTIA had sought separate rule apart from Commission’s recent CPNI proceeding.
Sec. 222 “leaves no doubt that a customer must explicitly articulate approval before a carrier can use that customer’s location information,” FCC said. “Thus, no rules are necessary because the statutory language is unambiguous.” In addition, 1999 law didn’t direct Commission to undertake rulemaking in that area, it said. Agency also stressed extent to which commercial wireless location-based services still were in developmental stage and just now were starting to emerge. “Precisely because of the nascent state of these services, we do not wish inadvertently to constrain technology or consumer choices via our rules,” FCC said. Just as rollout of E911 services will take several years as carriers phase in location-capable handsets, commercial-based services using same technology also will take time to evolve, Commission said.
Even if FCC found CTIA’s proposed privacy principles to be reasonable approach, it said it wasn’t clear that their adoption as part of rulemaking would be useful at this point. “Indeed, most of the commenters state that they follow these principles already in their treatment of consumer information and include their own policies as examples of how the privacy principles proposed by CTIA for Commission rules have been adopted by their organizations,” agency said. FCC said it would continue to monitor location privacy issues as new services were rolled out and would take action if need for rules were demonstrated. CTIA petition included principles such as carrier’s obtaining consent from subscribers before collecting location information. Under those principles, customers would have to be informed about type of information collected and how it was used.
Copps said he agreed that law imposed clear obligations on what express prior authorization meant for customer’s location information. But clarity of congressional opt-in requirement doesn’t render FCC rules unnecessary, he said. “This is because serious definitional questions and disagreement between commenters about how this protection will function remain unaddressed,” Copps said. “Given this confusion, our failure to act will result in Americans’ privacy being threatened and adoption of location-enabled devices and E911 phones being slowed.” Copps said consumer fears of “invasive and dangerous misuses” of location information were legitimate and could contribute to undermining of consumer confidence in location services if not addressed. He also cited arguments raised by Electronic Privacy Information Center (EPIC) that FCC action was needed because statute’s meaning appeared open to different interpretations within industry. “I believe that the absence of clarity will do more to constrain technology and consumer choices than Commission action ever would,” Copps said. “If this were not the case, wouldn’t the usually regulation-wary wireless industry oppose rather than strongly support rules since it has the most to gain here?”
EPIC Gen. Counsel David Sobel told us, “I think the Commission missed an opportunity to clarify the law at a time when such a clarification could have a real impact.” On positive side, he noted that FCC said it believed statutory language was so unambiguous in imposing clear requirements that rulemaking wasn’t necessary. “I hope that proves to be the case as companies begin to implement those statutory requirements,” Sobel said. He reiterated arguments that EPIC raised to FCC that different companies had different interpretations of what location privacy mandates meant. “The cellular providers themselves have a strong interest in establishing a comfort level among their users with respect to the collection of location information and some other companies might not have similar incentives,” Sobel said. EPIC believes “across-the-board rules” are needed for wireless location technology in general, meaning requirements would touch on variety of hand-held wireless devices, in- vehicle navigation systems and other systems, he said.