By Bob Scott and Rob Morgan
The Electronic Privacy Information Center (“EPIC”) filed a complaint on October 28, 2011 with the Federal Trade Commission (“FTC”) urging the FTC to investigate whether Verizon Wireless has engaged in “unfair and deceptive trade practices” by changing some of its data collection and disclosure practices. The public interest group alleges that Verizon Wireless’s prior customer agreements said that the company would not collect or disclose to third parties (such as advertisers) location information and other data without first obtaining users’ affirmative consent, and claims that Verizon Wireless’s recent announcement that it will track and share this kind of data in anonymized form violated this promise to customers.
The complaint centers on Verizon Wireless’ new practice of collecting mobile usage information (e.g., URLs of websites visited, search terms, geolocation information, applications) and consumer information (device type, data plan, demographic information) in anonymous formats to create business and marketing reports and to make mobile ads more relevant to each customer. EPIC takes issue with Verizon changing its practices without first obtaining affirmative consent from every customer and for “fail[ing] to make public the technique it has adopted to ensure” data disclosed cannot be tied to specific users.
Earlier this year, Representatives Joe Barton and Edward J. Markey addressed a series of questions to Verizon Wireless and the other major wireless companies, and Verizon Wireless responded in April. The Congressmen again questioned Verizon Wireless on October 6, 2011 about the same practices EPIC now challenges. Verizon has not responded to the most recent congressional request for information as of this writing.
Importantly, the information Verizon Wireless is collecting is generally the same information that Google, Apple, and others collect and while the practices of those other companies raised concerns earlier this year they have not been deemed unfair or deceptive. Notably, although EPIC’s complaint cites the European Union’s much more restrictive policies governing geolocation data and customer consent, those regulations do not apply in the United States. In fact the European Union’s policies have been shown to place a measurable burden on Internet commerce, as explained to Congress recently by MIT’s Catherine Tucker.
For now, EPIC’s complaint serves as yet another reminder for companies to design privacy into their new services and products so as to proactively address concerns over protection of personally identifiable information.