S 1164, Location Privacy Protection Act of 2001.
Sponsor: Sen. John Edwards (D-NC).
Date introduced: July 11, 2001.
Source: Congressional Record.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ``Location Privacy Protection Act of 2001''.

SEC. 2. FINDINGS.

Congress makes the following findings:

(1) Location-based services and applications allow customers to receive services based on their geographic location, position, or known presence. Telematics devices, for instance, permit subscribers in vehicles to obtain emergency road assistance, driving directions, or other information with the push of a button. Other devices, such as those with Internet access, support position commerce in which notification of points of interest or promotions can be provided to customers based on their known presence or geographic location.

(2) There is a substantial Federal interest in safeguarding the privacy right of customers of location-based services or applications to control the collection, use, retention of, disclosure of, and access to their location information. Location information is nonpublic information that can be misused to commit fraud, to harass consumers with unwanted messages, to draw embarrassing or inaccurate inferences about them, or to discriminate against them. Improper disclosure of or access to location information could also place a person in physical danger. For example, location information could be misused by stalkers or by domestic abusers.

(3) The collection or retention of unnecessary location information magnifies the risk of its misuse or improper disclosure.

(4) Congress has recognized the right to privacy of location information by classifying location information as customer proprietary network information subject to section 222 of the Communications Act of 1934 (47 U.S.C. 222), thereby preventing use or disclosure of that information without a customer's express prior authorization.

(5) There is a substantial Federal interest in promoting fair competition in the provision of wireless services and in ensuring the consumer confidence necessary to ensure continued growth in the use of wireless services. These goals can be attained by establishing a set of privacy rules that apply to wireless location information, regardless of technology, and to all entities and services that generate or receive access to such information.

(6) It is in the public interest that the Federal Communications Commission establish comprehensive rules to protect the privacy of customers of location-based services and applications and thereby enable customers to realize more fully the benefits of location services and applications.

SEC. 3. PROTECTION OF LOCATION INFORMATION PRIVACY.

(a) RULEMAKING REQUIRED.--Not later than 180 days after the date of the enactment of this Act, the Federal Communications Commission shall complete a rulemaking proceeding for purposes of further protecting the privacy of location information.

(b) ELEMENTS.--

(1) IN GENERAL.--Subject to the provisions of paragraph (2), the rules prescribed by the Commission under subsection (a) shall--

(A) require providers of location-based services and applications to inform customers, with clear and conspicuous notice, about their policies on the collection, use, disclosure of, retention of, and access to customer location information;

(B) require providers of location-based services and applications to obtain a customer's express authorization before--

(i) collecting, using, or retaining the customer's location information; or

(ii) disclosing or permitting access to the customer's location information to any person who is not a party to, or who is not necessary to the performance of, the service contract between the customer and such provider;

(C) require that all providers of location-based services or applications--

(i) restrict any collection, use, disclosure of, retention of, and access to customer location information to the specific purpose that is the subject of the express authorization of the customer concerned; and

(ii) not subsequently release a customer's location information for any purpose beyond the purpose for which the customer provided express authorization;

(D) ensure the security and integrity of location data, and give customers reasonable access to their location data for purposes of verifying the accuracy of, or deleting, such data;

(E) be technology neutral to ensure uniform privacy rules and expectations and provide the framework for fair competition among similar services;

(F) require that aggregated location information not be disaggregated through any means into individual location information for any commercial purpose; and

(G) not impede customers from readily utilizing location-based services or applications.

(2) PERMITTED USES.--The rules prescribed under subsection (a) may permit the collection, use, retention, disclosure of, or access to a customer's location information without prior notice or consent to the extent necessary to--

(A) provide the service from which such information is derived, or to provide the location-based service that the customer is accessing;

(B) initiate, render, bill, and collect for the location-based service or application;

(C) protect the rights or property of the provider of the location-based service or application, or protect customers of the service or application from fraudulent, abusive, or unlawful use of, or subscription to, the service or application;

(D) produce aggregate location information; and

(E) comply with an appropriate court order.

(3) ADDITIONAL REQUIREMENT.--Under the rules prescribed under subsection (a), any third party receiving, or receiving access to, a customer's location information from a provider of location services or applications pursuant to the express authorization of the customer, shall not disclose or permit access to such information to any other person without the express authorization of the customer.

(4) EXPRESS AUTHORIZATION.--

(A) FORM.--For purposes of the rules prescribed under subsection (a) and section 222(f) of the Communications Act of 1934 (47 U.S.C. 222(f)), the Commission shall specify the appropriate methods, whether technological or otherwise, by which a customer may provide express prior authorization. Such methods may include a written or electronically signed service agreement or other contractual instrument.

(B) MODIFICATION OR REVOCATION.--Under the rules prescribed under subsection (a), a customer shall have the power to modify or revoke at any time an express authorization given by the customer under the rules.

(c) APPLICATION OF RULES.--The rules prescribed by the Commission under subsection (a) shall apply to any person that provides a location-based service or application, whether or not such person is also a provider of commercial mobile service (as that term is defined in section 332(d) of the Communications Act of 1934 (47 U.S.C. 332(d)).

(d) RELATIONSHIP TO WIRELESS COMMUNICATIONS AND PUBLIC SAFETY ACT OF 1999.--The rules prescribed by the Commission under subsection (a) shall be consistent with the amendments to section 222 of the Communications Act of 1934 (47 U.S.C. 222) made by section 5 of the Wireless Communications and Public Safety Act of 1999 (Public Law 106-81; 113 Stat. 1288), including the provisions of section 222(d)(4) of the Communications Act of 1934, as so amended, permitting use, disclosure, and access to location information by public safety, fire services, and other emergency services providers for purposes specified in subparagraphs (A), (B), and (C) of such section 222(d)(4).

(e) STATE AND LOCAL REQUIREMENTS.--

(1) IN GENERAL.--No State or local government may adopt or enforce any law, regulation, or other legal requirement addressing the privacy of wireless location information that is inconsistent with the rules prescribed by the Commission under subsection (a).

(2) PREEMPTION.--Any law, regulation, or requirement referred to in paragraph (1) that is in effect on the date of the enactment of this Act shall be preempted and superseded as of the effective date of the rules prescribed by the Commission under subsection (a).

(f) DEFINITIONS.--In this section:

(1) AGGREGATE LOCATION INFORMATION.--The term ``aggregate location information'' means a collection of location data relating to a group or category of customers from which individual customer identities have been removed.

(2) CUSTOMER.--The term ``customer'', in the case of the provision of a location-based service or application with respect to a device, means the person entering into the contract or agreement with the provider of the location-based service or application for provision of the location-based service or application for the device.