In the last few months, there have been reports about how smartphone users’ data could be quietly gathered and used by companies via software from a company called Carrier IQ. Sen. Al Franken (D-Minn.), chairman of the subcommittee on Privacy, Technology and the Law of the Senate Judiciary Committee, wrote to Carrier IQ demanding answers about how this technology affects cellphone users’ privacy. European officials are investigating the company for possible privacy violations. Carrier IQ spoke with the Wall Street Journal about its software.
Now, the Hill reports that Rep. Ed Markey (D-Mass), a co-chairman of the House caucus on privacy, has released a discussion draft (pdf) of the Mobile Device Privacy Act, which would require telecommunications providers such as Verizon, AT&T and Sprint to reveal if they are using data-tracking software such as Carrier IQ on mobile devices:
Consumers would have to consent to any data collection or transmission, and third parties would have to have policies in place to secure the data they collect.
Companies that want to transfer data to third parties would have to file applications with the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC).
“Consumers have the right to know and to say ‘no’ to the presence of software on their mobile devices that can collect and transmit their personal and sensitive information,” Markey said. […]
Carrier IQ argues that most of the personal information it collects stays in the user’s cellphone and is not transmitted back to the company. The company says it only gathers information that would be helpful to evaluate the phone’s performance.
The draft includes a private right of action (a person can file a lawsuit if a company violates the law). The draft reads:
(e) PRIVATE RIGHT OF ACTION.—
(1) IN GENERAL.—A person injured by an act in violation of a regulation promulgated under section 2, 3, 4, or 5 may bring in an appropriate State court or an appropriate district court of the United States—
(A) an action to enjoin such violation;
(B) an action to recover damages for actual monetary loss from such violation, or to receive up to $1000 in damages for each such violation, whichever is greater; or
(C) both such actions.
(2) WILLFUL OR KNOWING VIOLATIONS.—If the court finds that the defendant acted willfully or knowingly in committing a violation described in paragraph (1), the court may, in its discretion, increase the amount of the award to an amount equal to not more than 3 times the amount available under paragraph (1)(B). […]
(5) NONEXCLUSIVE REMEDY.—The remedy provided by this subsection shall be in addition to any other remedies available to the person, except that, in the case of a violation or series of related violations by a provider of commercial mobile service or mobile broadband service or a manufacturer of a mobile telephone, the person may pursue either the remedy provided under this subsection or the remedies provided under title II of the Communications Act of 1934 (47 U.S.C. 201 et seq.), but not both.