How content providers should address users' privacy concerns
Free newsletter via e-mail
Tools
Privacy as a concept is generally understood. What is less clear is the applicability in the wireless context of various FCC and FTC pronouncements addressing the use of user specific information that falls within the privacy umbrella (including the use of information that might identify a particular person) by non-carrier entities providing content or advertising services. (These terms are sometimes used interchangeably here.) It appears that the regulations that expressly apply in this context are few to non-existent at the federal level and apply only occasionally at the state level.
That does not mean that content providers should assume they operate in a legal and regulatory vacuum. There is a great deal of concern among legislators and regulators about privacy and its relationship to location-based services, without Internet involvement. The concern includes, for example, location-based services offered through the short messaging (or code) services. Thus in my opinion entities using or collecting or even storing personally identifiable information should consider adopting a privacy policy that governs their handling of this personal information, either crafted by them through counsel, or by industry trade associations. One caution: If an entity adopts a privacy policy, it should follow it. In the context of litigation, a privacy policy that is adopted, but ignored, is worse than no privacy policy at all.
Nitty gritty
Let's look at the specifics. The FCC's privacy regulations flow from its historic regulation of telephone companies. The statutory provision governing privacy (Section 222 of the Communications Act), and the Commissions rules governing privacy (Part 47, Section 64.2001 et. seq of the Code of Regulations.) address how carriers handle privacy information among themselves. The rules also address the relationship between carriers and their own customers for their own marketing of their own telecommunications services.
The one set of rules governing purely the carrier/customer relationship for non-communications content or advertising requires carriers to obtain affirmative informed consent before making "customer network proprietary information," including location information available to third parties. The rules also do not address what happens to that information after it has been provided to third parties, or impose regulations on third parties for handling that information. This is true for content providers or advertisers that rely on that information in their provision of service, even services and content based in part on location specific information obtained from the carrier.
Importantly, the rules do not address at all situations where the location information is obtained by third parties from GPS services without carrier involvement. Although not judicially tested, they also probably don't apply where the third party uses location information it obtains from transmissions to and from a carrier's cell sites regarding locations if captured off the air by a third-party provider of content or aggregator services, and the carrier is not contractually otherwise involved in the third-party's acquisition of that information.
Regulatory agencies
Like the FCC, the FTC has its own definition of privacy and is currently holding public meetings to address its concerns about how entities with access to personally identifiable information use that information, ultimately seeking to make additional pronouncements as to how that information should be protected. However, readers should keep in mind that the FTC is an enforcement agency, generally pursuing individual bad actors rather than adopting industry-specific regulation. Where more general harms continue unabated, it may use its existing regulatory authority to regulate conduct, as for example in the context of personal financial information held by financial institutions, where it obtained specific legislation giving it and other related agencies the power to regulate privacy information. See the Financial Modernization Act of 1999. But that is not typically its first option...Continued.
SHARE
WITH: