{mosads}Mobile carriers can determine a phone’s location based on the cell towers that it connects to or if it has a GPS chip. Location information can be shared with mobile applications or other third parties. 

The GAO noted that location information can be used to provide helpful services and more effective advertisements. But the office warned that the information can also enable consumer profiling, identity theft, stalking and government surveillance.

Police often do not use warrants to obtain historical location data from mobile carriers, the GAO wrote. 

“In addition to information related to a crime, the location data collected by law enforcement may reveal potentially sensitive destinations, such as medical clinics, religious institutions, courts, political rallies, or union meetings,” the agency wrote.

The National Telecommunications and Information Administration (NTIA) is currently leading discussions between companies and privacy groups to develop codes of conduct for protecting mobile phone privacy. But the GAO report criticized NTIA for not developing “performance goals, milestones, or deliverables.”

The report noted that the Federal Trade Commission has the authority to take action against companies that deceive consumers about their privacy practices. But the GAO urged the FTC to develop comprehensive industry guidelines for how companies should handle mobile location data.

“Without clearer expectations for how industry should address location privacy, consumers lack assurance that the aforementioned privacy risks will be sufficiently mitigated,” the office wrote.

The GAO conducted the study at the request of Sen. Al Franken (D-Minn.).

“I believe Americans have a fundamental right to privacy: to know what information is being collected about them and to be able to control whether or not that information is shared with third parties,” Franken said in a statement. “And this report clearly shows that mobile industry companies often fail to respect that right, giving out consumers’ location data without their knowledge or explicit consent.”

He argued that the report shows the need for his Location Privacy Protection Act. The bill would require companies to get a customer’s consent before collecting location information and before sharing it with other private parties.

Rep. Edward Markey (D-Mass.) said he welcomed the GAO’s call for tougher privacy protections. He urged Congress to take up his Mobile Device Privacy Act, which would also require consumer consent for location monitoring and would set data-security standards.