Senate bill would add protections for mobile users’ location data

by Phil Hornshaw

Sen. Al Franken isn’t happy about the prospect of mobile operating system developers like Google (GOOG), Apple (AAPL), Microsoft (MSFT) and Research In Motion (RIMM) gathering users’ location data and sharing it without their permission.

The Minnesota democrat introduced the bill along with Richard Blumenthal (D-Conn.) on Wednesday, which would require mobile companies like Google and Apple and app developers to ask users for their explicit permission before sharing location data gathered by mobile devices, including smartphones and tablets, with any third parties.

GigaOM has the story. Here’s a quote explaining the bill in more detail:

“The Location Privacy Protection Act, as proposed by Franken and Blumenthal, would close a loophole that allows ‘smartphone companies, app companies and even phone companies offering wireless Internet service to freely share their customers’ location information with third parties without first obtaining customers’ consent.’ Cable and phone companies are already barred from doing so, and Franken and Blumenthal think that restriction should apply to mobile users as well.”

The bill is a direct result of information being released by researchers a month or so ago that showed that Apple’s iPhone 4 was saving all the location data tracked by its GPS in an unencrypted folder that was easily accessible inside the phone. Apple chalked the tracking up to a bug that it corrected with an iOS update, but it came to light that the information has been used by law enforcement officials in their investigations, without the need to obtain a warrant.

Franken and other senators called Google and Apple to a hearing before the Judiciary Subcommittee on Privacy, Technology and Law, where the lawmakers called for stricter rules on how companies can use customers’ location data. The bill goes a step further, obviously, by forcing the companies to loop in their users on what is done with their data.

Both Google and Apple, along with other mobile platform makers, routinely track user location data for a number of reasons – several app do, as well, although many (Google and Apple included) ask permission before tracking the data or sending it onward. The data is used to hone cellular reception, improve service, track how users make use of mobile data connections and a host of other reasonable pursuits. But the security breach exposed on the iPhone 4 suggested that the data was a lot easier to come by if the person looking for it was knowledgeable, and until now, while Google and Apple have said they’re not doing anything untoward with location data, there was no legal framework preventing them from selling it to advertisers, for example. And a recent investigation by the Wall Street Journal found that about half of the top 101 apps for both platforms were sharing location data with third parties without users’ permission or knowledge.

While the bill might sound like a good idea on its face, there are a lot of factor to consider. Biggest among the concerns is probably just the prevalence of apps making use of location data – from social networks to shopping apps to a number of games, location data is yanked down for almost any reason by too many apps to count. Requiring those apps and Apple to ask the user for permission of iOS users could potentially be a hard thing to implement, although Google seems to do okay by asking users to sign off on the various phone functions an app wants to access when it is downloaded to its Android platform. Adding an extra step to the download process that delineates where data will be sent and under what circumstances probably wouldn’t be a back-breaking enterprise, and it’ll give users information they deserve to have about what is being done with their information.