Background
Research shows that mobile customers are concerned about their privacy and want simple and clear choices for controlling how their private information is used. They also want to know they can trust companies with their data. A lack of trust can act as a barrier to growth in economies that are increasingly data-driven.
One of the major challenges created by the growth of mobile internet is that the security and privacy of personal information is regulated by a patchwork of geographically bound privacy regulations, while the mobile internet is, by definition, international. In many jurisdictions, the regulations governing how customer data is collected, processed and stored vary considerably between market participants. For example, the rules governing how personal data is treated by mobile operators may be different to those governing how it can be used by internet players.
This misalignment between national privacy laws and global standard practices makes it difficult for mobile operators to provide customers with a consistent user experience. It may also cause legal uncertainty for operators, which can deter investment and innovation. Inconsistent levels of protection also increase the risk of consumers unwittingly providing easy access to their personal information, leaving them exposed to unwanted or undesirable outcomes such as identity theft and fraud.
Debate
How can policymakers help create a privacy framework that supports
innovation in data use while balancing the need for privacy across borders, regardless of the technology involved?
How is responsibility for ensuring privacy across borders best distributed across the mobile internet value chain?
What role does self-regulation play in a continually evolving technology environment?
What should be done to allow data to be used to support the social good and meet pressing public policy needs?
Industry position
Currently, the wide range of services available through mobile devices offers varying degrees of privacy protection. To give customers confidence that their personal data is being properly protected, regardless of service or device, a consistent level of security must be provided.
Mobile operators believe that customer confidence and trust are only possible when users feel their privacy is appropriately protected.
Safeguards should include a combination of internationally agreed approaches, national legislation and industry action.Governments should ensure legislation is technology-neutral and that its rules are applied consistently to all players in the internet ecosystem.
Because of the high level of innovation in mobile services, legislation should focus on the overall risk to an individual’s privacy rather than attempting to legislate specific types of data. For example, legislation must deal with the risk to an individual arising from a range of data types and contexts, rather than focusing on individual data types.
The mobile industry should ensure privacy risks are considered when designing new apps and services and develop solutions that provide consumers with simple ways to understand their privacy choices and control their data.
The GSMA is committed to working with stakeholders from across the mobile industry to develop a consistent approach to privacy protection and promote trust in mobile services.
Resources
Promoting Transparency, Choice and Trust in the Digital Society, GSMA privacy website
Safety, Privacy and Security Across the Mobile Ecosystem, GSMA, November 2022
5G and Data Privacy, GSMA, July 2020 Smart Data Privacy Laws, GSMA, June 2019
Protecting Privacy and Data in the Internet of Things, GSMA, February 2019
Mobile Privacy Principles, GSMA, February 2016