By Brian Murray
The Federal Communications Commission (“FCC”) is examining privacy and security issues raised by customer information stored on mobile communications devices. In a public notice released on May 25, 2012, the FCC sought comment on the privacy and data-security practices of mobile wireless service providers with respect to such information, as well as the application of existing privacy and security requirements to it–subjects on which the FCC last solicited public input five years ago. As the FCC acknowledged, technologies and business practices “evolved dramatically” during the intervening period, prompting the FCC not only to seek to refresh the record but also to inquire about what steps it could or should take to update the applicable legal and regulatory framework.
The opening comments filed on July 13, 2012 revealed somewhat predictable battle lines. Generally speaking, the wireless industry urged the FCC to refrain from adopting new rules in this area. Various wireless service providers pointed out that other agencies–such as the Federal Trade Commission and the National Telecommunications and Information Administration–are already pursuing initiatives intended to address similar issues, and further cautioned that the FCC lacks the legal authority to do likewise. Rather than subjecting service providers to regulations concerning data stored on mobile devices, industry commenters advocated for a comprehensive approach that would account for the entire mobile service ecosystem–including manufacturers and applications developments–while also relying on voluntary best practices that will protect consumers’ interests more effectively than regulation can. But consumer advocacy groups and public interest entities encouraged the FCC to assert itself in this context, arguing that current practices–such as disclosure and consent requirements–are inadequate to enable consumers to make informed decisions about their data and that the FCC is authorized to do something about it. And the FTC weighed in as well, reporting its own concerns about the lack of basic privacy protections on some new mobile products–and describing its efforts to deal with them–and offering to work with the FCC (while also noting the need to avoid duplicative actions where the agencies’ jurisdictions overlap). All of the comments are available online.
Reply comments are due July 30. This proceeding is likely to determine how active a participant the FCC plans to be (or can be) in the ongoing debate over the privacy and security of data in the 21st century. It also provides a somewhat rare formal opportunity for interested parties to educate the FCC about current, voluntary efforts to protect privacy and security in the new communications age.