U.S. Congress - Text of H.R.6377 as Introduced in House Mobile Device Privacy Act
The easiest way to email your members of Congress
Donate NowH.R.6377 - Mobile Device Privacy Act
To require disclosures to consumers regarding the capability of software to monitor mobile device usage, to require the express consent of the consumer prior to monitoring, and for other purposes.
Loading Bill Text
Rollover any line of text to comment and/or link to it.
HR 6377 IHCommentsClose CommentsPermalink
112th CONGRESSCommentsClose CommentsPermalink
2d SessionCommentsClose CommentsPermalink
H. R. 6377CommentsClose CommentsPermalink
To require disclosures to consumers regarding the capability of software to monitor mobile device usage, to require the express consent of the consumer prior to monitoring, and for other purposes.CommentsClose CommentsPermalink
IN THE HOUSE OF REPRESENTATIVESCommentsClose CommentsPermalink
September 12, 2012CommentsClose CommentsPermalink
September 12, 2012CommentsClose CommentsPermalink
Mr. MARKEY (for himself and Ms. DEGETTE) introduced the following bill; which was referred to the Committee on Energy and CommerceCommentsClose CommentsPermalink
A BILLCommentsClose CommentsPermalink
To require disclosures to consumers regarding the capability of software to monitor mobile device usage, to require the express consent of the consumer prior to monitoring, and for other purposes.CommentsClose CommentsPermalink
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,CommentsClose CommentsPermalink
SECTION 1. SHORT TITLE.
This Act may be cited as the ‘Mobile Device Privacy Act’.CommentsClose CommentsPermalink
SEC. 2. DISCLOSURES TO CONSUMERS REGARDING MOBILE DEVICE MONITORING SOFTWARE.
(a) In General- Not later than 1 year after the date of the enactment of this Act, the Federal Trade Commission shall promulgate regulations under
(1) a person who is in the business of selling mobile devices directly to consumers (including a provider of commercial mobile service or commercial mobile data service who sells mobile devices in connection with contracts to provide service) to disclose the information described in subsection (b) to the consumer at the time of sale of a mobile device on which monitoring software is installed;CommentsClose CommentsPermalink
(2) a provider of commercial mobile service or commercial mobile data service to disclose the information described in subsection (b) to the consumer at the time of entry into a contract to provide service to the consumer on a mobile device--CommentsClose CommentsPermalink
(A) on which the provider installs monitoring software in connection with such contract; andCommentsClose CommentsPermalink
(B) that the consumer does not purchase from the provider in connection with such contract;CommentsClose CommentsPermalink
(3) a manufacturer of a mobile device or of the operating system software for a mobile device who installs monitoring software on such device, after such device is sold to the consumer, to disclose to the consumer at the time of installing such software the information described in subsection (b);CommentsClose CommentsPermalink
(4) a provider of commercial mobile service or commercial mobile data service who installs monitoring software on a mobile device, after entry into a contract to provide service to the consumer on such device, to disclose to the consumer at the time of installing such software the information described in subsection (b); andCommentsClose CommentsPermalink
(5) a person who operates a website or other online service from which a consumer downloads monitoring software for installation on a mobile device to disclose the information described in subsection (b) to the consumer at the time of the download.CommentsClose CommentsPermalink
(b) Information Described- The information described in this subsection is the following:CommentsClose CommentsPermalink
(1) The fact that the monitoring software is installed on the mobile device (or, in the case of a disclosure described in subsection (a)(5), the fact that the software that the consumer downloads is monitoring software).CommentsClose CommentsPermalink
(2) The types of information that the monitoring software is capable of collecting and transmitting.CommentsClose CommentsPermalink
(3) The identity of any person to whom any information collected will be transmitted and of any other person with whom such information will be shared.CommentsClose CommentsPermalink
(4) How such information will be used.CommentsClose CommentsPermalink
(5) Procedures by which a consumer who has consented to collection and transmission of information by the monitoring software may exercise the opportunity to prohibit further collection and transmission, as described in section 3(2).CommentsClose CommentsPermalink
(6) Such additional information about the monitoring software as the Federal Trade Commission considers appropriate.CommentsClose CommentsPermalink
(c) Manner of Disclosure- The regulations promulgated under subsection (a) shall require the following:CommentsClose CommentsPermalink
(1) The disclosures shall be made in a clear and conspicuous manner, to be determined by the Federal Trade Commission.CommentsClose CommentsPermalink
(2) The disclosures shall be displayed in a clear and conspicuous manner on the website of a person required to make such disclosures, except that if such person does not maintain a website, such person shall file such disclosures with the appropriate Commission.CommentsClose CommentsPermalink
(d) Exemptions Permitted- If the Federal Trade Commission determines that the use of monitoring software for a particular purpose is consistent with the reasonable expectations of consumers, the Federal Trade Commission may include in the regulations promulgated under subsection (a) an exemption from the disclosures required by such regulations with respect to monitoring software that is used only for such purpose (or for another purpose with respect to which the Federal Trade Commission has made a determination under this subsection).CommentsClose CommentsPermalink
SEC. 3. CONSUMER CONSENT TO MONITORING OF MOBILE DEVICE USAGE.
Not later than 1 year after the date of the enactment of this Act, the Federal Trade Commission shall promulgate regulations under
(1) obtain the express consent of the consumer prior to the time when the monitoring software first begins collecting and transmitting information; andCommentsClose CommentsPermalink
(2) provide a consumer who has consented to collection and transmission of information by the monitoring software with the opportunity at any time to prohibit further collection and transmission of information by such software.CommentsClose CommentsPermalink
SEC. 4. INFORMATION SECURITY REQUIREMENTS.
(a) In General- Not later than 1 year after the date of the enactment of this Act, the Federal Trade Commission shall promulgate regulations under
(1) the size of, and the nature, scope, and complexity of the activities engaged in by, such person;CommentsClose CommentsPermalink
(2) the current state of the art in administrative, technical, and physical safeguards for protecting such information; andCommentsClose CommentsPermalink
(3) the cost of implementing such safeguards.CommentsClose CommentsPermalink
(b) Requirements- Such regulations shall require the policies and procedures to include the following:CommentsClose CommentsPermalink
(1) A security policy with respect to the collection, use, sale, other dissemination, and maintenance of such information.CommentsClose CommentsPermalink
(2) The identification of an officer or other individual as the point of contact with responsibility for the management of the security of such information.CommentsClose CommentsPermalink
(3) A process for identifying and assessing any reasonably foreseeable vulnerabilities in any system maintained by such person that contains such information, which shall include regular monitoring for a breach of security of such system.CommentsClose CommentsPermalink
(4) A process for taking preventive and corrective action to mitigate against any vulnerabilities identified in the process required by paragraph (3), which may include implementing any changes to security practices and the architecture, installation, or implementation of network or operating software.CommentsClose CommentsPermalink
(5) A process for disposing of such information by shredding, permanently erasing, or otherwise modifying such information to make such information permanently unreadable or undecipherable.CommentsClose CommentsPermalink
(6) A standard method or methods for the destruction of paper documents and other non-electronic data containing such information.CommentsClose CommentsPermalink
(c) Disclosure of Policies and Procedures- Such regulations shall require the policies and procedures to be displayed in a clear and conspicuous manner on the website of a person required to establish and implement such policies and procedures, except that if such person does not maintain a website, such person shall file such policies and procedures with the appropriate Commission.CommentsClose CommentsPermalink
(d) Treatment of Entities Governed by Other Law- A person shall be deemed to be in compliance with the regulations promulgated under subsection (a) if such person is in compliance with any other Federal law that requires such person to maintain policies and procedures with respect to information security that, taken as a whole and as the Federal Trade Commission shall determine in the rulemaking required by such subsection, provide protections substantially similar to, or greater than, those provided by the policies and procedures required by the regulations promulgated under such subsection.CommentsClose CommentsPermalink
SEC. 5. FILING OF CERTAIN AGREEMENTS REGARDING INFORMATION RECEIPT.
(a) In General- Not later than 1 year after the date of the enactment of this Act, the Federal Trade Commission shall promulgate regulations under
(b) Agreement Described- An agreement described in this subsection--CommentsClose CommentsPermalink
(1) is an agreement under which a person receives, directly or indirectly, information that is transmitted from monitoring software with respect to which disclosures are required by the regulations promulgated under section 2(a); andCommentsClose CommentsPermalink
(2) does not include an agreement between such a person and the consumer on whose mobile device such monitoring software is installed.CommentsClose CommentsPermalink
SEC. 6. ENFORCEMENT.
(a) By Federal Trade Commission-CommentsClose CommentsPermalink
(1) UNFAIR OR DECEPTIVE ACTS OR PRACTICES- A violation of a regulation promulgated under section 2, 3, 4, or 5 shall be treated as a violation of a regulation under section 18(a)(1)(B) of the Federal Trade Commission Act (
(2) POWERS OF FEDERAL TRADE COMMISSION- The Federal Trade Commission shall enforce the regulations promulgated under sections 2, 3, 4, and 5 in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (
(b) By Federal Communications Commission-CommentsClose CommentsPermalink
(1) TREATMENT AS VIOLATION OF COMMUNICATIONS ACT OF 1934- A violation of a regulation promulgated under section 2, 3, 4, or 5 by a provider of commercial mobile service or commercial mobile data service or a manufacturer of a mobile device shall be treated as a violation of the Communications Act of 1934 (
(2) POWERS OF FEDERAL COMMUNICATIONS COMMISSION- The Federal Communications Commission shall enforce the regulations promulgated under sections 2, 3, 4, and 5 with respect to providers of commercial mobile service or commercial mobile data service and manufacturers of mobile devices in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Communications Act of 1934 were incorporated into and made a part of this Act, and any such provider or manufacturer who violates such regulations shall be subject to the penalties and entitled to the privileges and immunities provided in the Communications Act of 1934.CommentsClose CommentsPermalink
(c) Division of Responsibilities Between FTC and FCC-CommentsClose CommentsPermalink
(1) REGULATIONS- In promulgating the regulations required by sections 2, 3, 4, and 5, the Federal Trade Commission shall consult with the Federal Communications Commission.CommentsClose CommentsPermalink
(2) ENFORCEMENT- In enforcing such regulations, the Federal Trade Commission and the Federal Communications Commission shall consult with each other.CommentsClose CommentsPermalink
(3) FCC REGULATIONS ON FILINGS- The Federal Communications Commission, in consultation with the Federal Trade Commission, may promulgate regulations with respect to the form and manner of any filing that is required to be made with the Federal Communications Commission by a regulation required by section 2, 4, or 5.CommentsClose CommentsPermalink
(d) Actions by States-CommentsClose CommentsPermalink
(1) CIVIL ACTIONS- In any case in which the attorney general of a State, or an official or agency of a State, has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by an act or practice that violates any regulation promulgated under section 2, 3, 4, or 5, the State, as parens patriae, may bring a civil action on behalf of the residents of the State in an appropriate State court or an appropriate district court of the United States to--CommentsClose CommentsPermalink
(A) enjoin that act or practice;CommentsClose CommentsPermalink
(B) enforce compliance with the regulation;CommentsClose CommentsPermalink
(C) obtain damages, restitution, or other compensation on behalf of residents of the State; orCommentsClose CommentsPermalink
(D) obtain such other legal and equitable relief as the court may consider to be appropriate.CommentsClose CommentsPermalink
(2) NOTICE- Before filing an action under this subsection, the attorney general, official, or agency of the State involved shall provide to the appropriate Commission a written notice of that action and a copy of the complaint for that action. If the attorney general, official, or agency determines that it is not feasible to provide the notice described in this paragraph before the filing of the action, the attorney general, official, or agency shall provide written notice of the action and a copy of the complaint to the appropriate Commission immediately upon the filing of the action.CommentsClose CommentsPermalink
(3) AUTHORITY OF APPROPRIATE COMMISSION-CommentsClose CommentsPermalink
(A) IN GENERAL- On receiving notice under paragraph (2) of an action under this subsection, the appropriate Commission shall have the right--CommentsClose CommentsPermalink
(i) to intervene in the action;CommentsClose CommentsPermalink
(ii) upon so intervening, to be heard on all matters arising therein; andCommentsClose CommentsPermalink
(iii) to file petitions for appeal.CommentsClose CommentsPermalink
(B) LIMITATION ON STATE ACTION WHILE FEDERAL ACTION IS PENDING- If the Federal Trade Commission, the Federal Communications Commission, or the Attorney General of the United States has instituted a civil action for violation of a regulation promulgated under section 2, 3, 4, or 5 (referred to in this subparagraph as the ‘Federal action’), no State attorney general, official, or agency may bring an action under this subsection during the pendency of the Federal action against any defendant named in the complaint in the Federal action for any violation as alleged in that complaint.CommentsClose CommentsPermalink
(4) RULE OF CONSTRUCTION- For purposes of bringing a civil action under this subsection, nothing in this Act shall be construed to prevent an attorney general, official, or agency of a State from exercising the powers conferred on the attorney general, official, or agency by the laws of that State to conduct investigations, administer oaths and affirmations, or compel the attendance of witnesses or the production of documentary and other evidence.CommentsClose CommentsPermalink
(e) Private Right of Action-CommentsClose CommentsPermalink
(1) IN GENERAL- A person injured by an act in violation of a regulation promulgated under section 2, 3, 4, or 5 may bring in an appropriate State court or an appropriate district court of the United States--CommentsClose CommentsPermalink
(A) an action to enjoin such violation;CommentsClose CommentsPermalink
(B) an action to recover damages for actual monetary loss from such violation, or to receive up to $1,000 in damages for each such violation, whichever is greater; orCommentsClose CommentsPermalink
(C) both such actions.CommentsClose CommentsPermalink
(2) WILLFUL OR KNOWING VIOLATIONS- If the court finds that the defendant acted willfully or knowingly in committing a violation described in paragraph (1), the court may, in its discretion, increase the amount of the award to an amount equal to not more than 3 times the amount available under paragraph (1)(B).CommentsClose CommentsPermalink
(3) COSTS- The court shall award to a prevailing plaintiff in an action under this subsection the costs of such action and reasonable attorney’s fees, as determined by the court.CommentsClose CommentsPermalink
(4) LIMITATION- An action may be commenced under this subsection not later than 2 years after the date on which the person first discovered or had a reasonable opportunity to discover the violation.CommentsClose CommentsPermalink
(5) NONEXCLUSIVE REMEDY- The remedy provided by this subsection shall be in addition to any other remedies available to the person, except that, in the case of a violation or series of related violations by a common carrier subject to title II of the Communications Act of 1934 (
SEC. 7. DEFINITIONS.
In this Act:CommentsClose CommentsPermalink
(1) APPROPRIATE COMMISSION- The term ‘appropriate Commission’ means either the Federal Trade Commission or the Federal Communications Commission, or both, depending on which Commission has jurisdiction under section 6 with respect to the person and activity involved.CommentsClose CommentsPermalink
(2) COMMERCIAL MOBILE DATA SERVICE- The term ‘commercial mobile data service’ has the meaning given such term in section 6001 of the Middle Class Tax Relief and Job Creation Act of 2012 (
(3) COMMERCIAL MOBILE SERVICE- The term ‘commercial mobile service’ has the meaning given such term in section 332 of the Communications Act of 1934 (
(4) MOBILE DEVICE- The term ‘mobile device’ means a personal electronic device that has the capability of transmitting and receiving voice, video, or data communications by means of commercial mobile service or commercial mobile data service.CommentsClose CommentsPermalink
(5) MONITORING SOFTWARE- The term ‘monitoring software’ means software that has the capability to monitor the usage of a mobile device or the location of the user and to transmit the information collected to another device or system, whether or not such capability is the primary function of the software or the purpose for which the software is marketed.CommentsClose CommentsPermalink
Vote on This Bill
-
Share This Bill
More Share via Email
