Skip to main content

Barton Uneasy at Third Party Use of Phone Location Info

The co-chairmen of the House privacy caucus released cell phone company explanations of personal location data info and the responses left Joe Barton (R-Tex.) with a feeling of "uneasiness and uncertainty" about third-party use of that info and Ed Markey (D-Mass.) pushing for more consumer control.

In their responses to a March 29 request from the legislators, the major carriers, T-Mobile, Sprint, AT&T and Verizon, said that they obtained customer consent before collecting location data, but that third-party application developers can then access that information "anytime they want," said Barton after reviewing the letters. Though Verizon, for example, pointed out that those third parties can only use them subject to disclosure and consent requirements as well.

AT&T points out that AT&T complies with telecom regs about getting prior consent when using or disclosing location information for calls, but it points out that data services are not subject to telecom regs but that, in any event, AT&T provides notice and obtains consent from its customers prior to using location info for commercial purposes other than providing the underlying service. It, too, says that location based service app providers must provide notice and obtain consent per CTIA best practices.

"This is a huge problem," said Barton of third-party use of the info. "They shouldn't have free reign over your location data and personally identifiable information," he said, pledging to work on legislation to hold third-party developers accountable.

"Consumer consent and control are critical to ensure adequate privacy protections, and the responses shine a light on the various methods used to safeguard consumers' sensitive information," said Markey of the cell company responses. "The use of encryption and related security technologies were utilized to varying degrees across the four wireless carriers, and sensitive data was retained for differing periods of time," he said. "Personal data should be made unreadable to those without a legitimate need to access it to the greatest extent possible, and the data should not be retained longer than absolutely necessary. Otherwise, there is a heightened risk of security breaches that expose consumers to identity theft and other crimes."

Release of the letters followed inquiries by co-chairman Ed Markey (D-Mass.) into iPhone and iPad collection and security--or lack of it--of geolocation information from users. Apple has pledged to fix some "bugs," but defends the data as useful and not traceable to individuals. The issues of data retention and encryption were central to his concerns in that case as well.

The companies responding were T-Mobile, Sprint, AT&T, and Verizon.