Regulators Crack Down on Companies’ Geolocation Data

WASHINGTON — Without any particular online data privacy law on the books, United States regulators are looking to crack down on how internet service providers and other technology companies are using Americans’ data.

The target: geolocation data.

“Geolocation data is collected usually through your mobile device, smartphone or not, and combined with other applications that create a very comprehensive look at an average consumer,” said Tom Romanoff, the director of the Technology Project at the Bipartisan Policy Center.

There’s two particular regulators who have oversight in this area — the Federal Communications Commission and the Federal Trade Commission. The FCC regulates the businesses providing the internet — broadband providers and cellphone carriers — that collect information on where people are when they are using the internet. The FTC has broad authority over the tech companies that provide applications that collect data.

In recent weeks the FCC launched an investigation into how the top cellphone carriers use customers’ location data, and the FTC sued a company it believes to have misused that same type of information. 

The FTC is also kicking off the rule-making process that would give it more latitude to protect Americans’ data related to all types of “commercial surveillance” information, ranging from geolocation to shopping information. It’s holding its first public hearing Thursday.

“Data is fluid, so you can’t just have [the] FCC regulating [internet service providers] and leave the apps, or the FTC regulating applications without the [internet service providers],” Romanoff said.

When these questions of data privacy are left to the regulators instead of lawmakers, there’s also the potential for faster change that could be disruptive, he said. 

“Who knows if the regulatory framework is going to shift so something you thought was innocuous becomes an issue,” Romanoff said.

He gave the example of menstrual cycle tracking applications.

Prior to Roe v. Wade being overturned there wasn’t an overt need to protect information collected by the applications, including when people menstruate or are potentially pregnant. Many people found the applications on their phone an important tool.

However, after the nearly 50-year precedent to have an abortion was overturned, privacy advocates across the country raised alarm that the information collected by those applications could be sold and used by law enforcement if abortion becomes illegal.

Law enforcement agencies across the country bought data to avoid getting search warrants for the same information. That includes Immigration and Customs Enforcement, which has used information purchased to create a surveillance dragnet, according to Georgetown Law’s Center on Privacy and Technology.

Information collected by internet service providers and applications go further than people’s Google search history. Companies can track down to the keystroke what people type, even if they clear it all out before sending the message or pressing the “search” button.

“There’s generally a lag of understanding of how much data is collected at an individual level and that continues to grow as we have more internet connected devices,” Romanoff said.

It’s often a binary choice — use the application or smart device that makes life easier, or protect your information, Romanoff explained.

There’s multiple proposed bipartisan laws that would address issues ranging from overall online privacy to children’s privacy to how law enforcement uses information bought from data brokers. And bipartisan members of the FTC have applauded the proposed federal data law, saying it will help guide their work on protecting Americans’ information.

Madeline can be reached at [email protected] and @MadelineHughes