The Location Privacy Protection Act of 2011 is a narrowly-tailored bill that would close current loopholes in federal law to require any company that may obtain a customer’s location information from his or her smartphone or other mobile device to (1) get that customer's express consent before collecting his or her location data; and (2) get that customer's express consent before sharing his or her location data with third parties. If any company obtains the location information for more than 5,000 mobile devices, that company will also have to (3) take reasonable steps to protect that information from reasonably foreseeable threats; (4) tell an inquiring customer whether or not they have his or her information, and (5) delete that information if that customer so requests it.The Senator "concluded that our laws do too little to protect information on our mobile devices" and noted that "this legislation would give people the right to know what geolocation data is being collected about them and ensure they give their consent before it’s shared with others."
Just a few weeks ago, Senator Franken sent a letter to Apple and Google, requesting that both companies require app developers to have "clear and understandable privacy policies".
It would appear that Apple is already in compliance with sections 1 through 3, and presumably sections 4 and 5 are fairly easy to implement. iOS apps are already required to ask users for permission to use their location data and iOS devices display an icon in the top bar to indicate when location data is being used.
Repeated attempts by MacRumors to obtain the full text of the bill through Senator Franken's office were unsuccessful, though a one-page summary [PDF] is available.
This isn't the first time Congress has attempted to regular location information on mobile devices. A similar bill was introduced in 2001 by then-Senator John Edwards (D-NC). In fact, the bill had an identical title, The Location Privacy Protection Act of 2001.
That bill would have ordered the FCC to require providers of location-based services to:
(1) inform customers about their policies on the collection, use, disclosure of, and access to customer location information; and (2) receive a customer's express authorization before collecting, using, retaining, or disclosing such information.The Edwards bill died in committee.