Smartphone Privacy: What Are Our Legal Rights?

Unfortunately, laws have not kept pace with changing technology. The first iPhone was released in 2007, and since then there has been an explosion of smartphone technology.

Existing Federal Law: The Electronic Communications Privacy Act (ECPA)

Enacted in 1986, ECPA (18 U.S.C. §§ 2510-3127) includes the Wiretap Act, Stored Communications Act, and the Pen Register Act. It can apply to both law enforcement agencies and companies. ECPA makes it unlawful under certain circumstances for someone to read or disclose the contents of an electronic communication. However, there are exceptions to ECPA, and the definition of what constitutes an electronic communication is unclear given the extensive advances in technology since its enactment.

For additional information on ECPA reform efforts, visit the site of the Digital Due Process coalition.

The Computer Fraud And Abuse Act

The 1984 Computer Fraud and Abuse Act (18 U.S.C. § 1030) was enacted to prevent unauthorized access to computers.  Among other things, it is used in prosecuting hackers, and covers information stored on computers. It is possible that a court of law would consider a smartphone to be a type of computer. In fact, as of April 2011, a federal grand jury was investigating app makers to see if they have breached this Act by transmitting smartphone data to third parties.

Children’s Online Privacy Protection Act (COPPA)

The 1998 COPPA (15 U.S.C. §§ 6501-08) protects the privacy of children under the age of 13 by prohibiting the online collection of a child’s personal information without providing notice and obtaining parental consent.  COPPA also prohibits requiring that a child disclose more information than is reasonably necessary to participate in an activity online.

If your child has a smartphone or uses yours to go online or install and use apps, you may want to learn more about COPPA. If you suspect that a site or application is not complying with COPPA you can file a complaint with the FTC.  If the site or company participates in the safe harbor program with an approved industry group’s self-regulatory program, you may also want to complain to it.

The Federal Trade Commission

The FTC recognizes smartphone privacy issues, including those involving mobile apps.  For more information, check out its report, “Protecting Consumer Privacy in an Era of Rapid Change” (PDF).

The FTC has also filed a complaint against a mobile apps developer, charging it with violating the Children’s Online Privacy Protection Act.  The charges were settled, but the action points to an encouraging trend with respect to mobile applications and consumer privacy.

The FTC has the authority to investigate and bring an enforcement action against an entity it believes is engaging in an unfair or deceptive act or practice.  In practice, this usually means that the FTC will investigate a company that is violating its own privacy policy. Whether or not a company is required to have a privacy policy depends on varying state laws. However, if a company does have a privacy policy and you find it in violation of its privacy policy, you should file a complaint with the FTC. This is why it is so important to read privacy policies carefully.

The FTC also has the ability to enforce certain specific consumer protection statutes.  The FTC does not resolve individual complaints, but such complaints may contribute to an investigation or enforcement action.


Read more: