TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | On the Need for More Effective Location Data Controls Related reading: MedData data breach lawsuit settled for $7M




Location information, combined with an array of new context-based services, promises a future of ultra-personalization. As anyone who can no longer navigate a mile from home without the aid of a map app understands, applications and services that take advantage of location data can be invaluable to consumers. It’s not just improved traffic flows and basic navigation information either. Geolocation information can help the blind navigate public spaces or set up a Saturday night date.

I am excited to see firsthand how innovative businesses are taking advantage of location data at the upcoming Location & Context World 2015 conference, but I am also happy that the event will have a focus on the resulting privacy, security and ethical challenges that go along with all this contextual innovation.

The reality is that the rules and controls around the collection and use of our location information are unclear.

A majority of Americans view knowledge of their physical location to be something that is very sensitive, and consumers tend to put some value on their location data. The Federal Trade Commission has cautioned that location data can quickly become sensitive personal information. Privacy advocates argue that location tracking via our mobile devices is the “deepest privacy threat” and “often completely invisible,” but fears of pervasive surveillance aside, the reality is that the rules and controls around the collection and use of our location information are unclear. The courts are slowly expanding Fourth Amendment protections for government access to location data, but the tools consumers can actually use to make decisions about location sharing are still evolving.

As a practical matter, there are more sensors and technologies that can track location than I can count on my hands. Geolocation is no longer just the product of GPS and cell tower trilateration, but also beacons, our own Wi-Fi routers, and sometimes the magnetometers and microphones in our smartphones.

The average consumer has no comprehension that their location can be deduced from technologies other than the suite of mobile OS location services they can toggle on or off on their phones. And although many people may be fine with the apps they use having location, they may not like the idea of that location being shared with many others for ad targeting. Earlier this year, The Wall Street Journal reported on how real estate agents could pool together different information sources and ultimately serve advertisements directly to the unique home addresses of high-value consumers.

As companies build more and more advertising and user profiling on top of different types of location data, we need to provide more effective controls. Instead, the proliferation of opt-outs and choices about how/what/when/where location data is being used can only leave consumers feeling confused. I’ve recently taken to appending “_optout” my home Wi-Fi router to not just opt-out of having my network tracked but also to broadcast some sort of message to the world. Yet this opt-out only applies to Google and some other services. For multiple other location databases, users need to find their router MAC addresses and hunt down separate opt-out pages of companies to type it in.

As companies build more and more advertising and user profiling on top of different types of location data, we need to provide more effective controls.

Ad targeting companies who belong to the NAI or DAA have committed to only share location data on an opt-in basis when the information is “precise." Both the NAI and DAA have released guidance as to what constitutes “precise location,” providing a helpful place to start. Specifically, the NAI has offered a four-factor balancing test that considers: (1) the area of the identified location, (2) the population density of the area, (3) the accuracy of the data, and (4) the presence and detail of the location’s timestamp. The DAA Mobile Code, meanwhile, notes that five-digit ZIP code street and city name, and general geographic information from IP addresses are not precise.

The Future of Privacy Forum worked with companies to create a code for vendors who provide retailers and airports with location analytics, and developed an opt-out that consumers can use at But many other uses of location don’t yet have clear user controls, creating a risk of consumer concern that could lead to another so-called privacy panic at some point. Last year, Sen. Al Franken proposed a Location Privacy Protection Act and suggested that companies were giving sensitive location data “to whomever they want.” While legislation is unlikely at this point, the lack of clarity can only encourage regulators to view location information as something that needs policing.

Of greater threat is the risk that mobile platforms will react to concerns around uses of location by technically preventing collection or uses that they consider to be problematic. Privacy concerns around the passive collection of Bluetooth and Wi-Fi MAC addresses encouraged Apple to begin randomizing device MAC addresses with iOS8. In iOS9, Apple will prevent apps from accessing MAC addresses of nearby routers, further limiting apps from assembling location data about users.

There is no question that location data and the services built on top of that can provide value to consumers, but if companies aren’t clearly explaining how and why they use location information and aren’t providing consumers with effective controls, laws, platform policies and technical controls will continue to evolve to constrain novel applications reliant on location data.

I am hopeful Location and Context World will provide an opportunity for thoughtful companies to explore the ways we can advance trustworthy policies for future innovations using our location.


If you want to comment on this post, you need to login.