William S. Galkin, Esq. (www.galkinlaw.com)
(published in the Maryland Daily Record on May 16, 2011)
Tracking Location Data
Privacy is certainly a hot topic in Congress these days. However, as fast as bills are introduced to address the potential harm from ubiquitous gathering of personal information (5 this year so far), new and seemingly more insidious methods of information gathering are brought to light.
Just last month, The Wall Street Journal broke a story about how iPhone, iPad and Android smartphones regularly transmit location data back to Apple and Google. The iPhones also, apparently, are retaining this location information in an unencrypted form on the phone itself. It was also discovered last year that some smartphone apps have been recording location data, but it was not widely known that the smartphones themselves were doing this as well. Whenever you enter the E-ZPass lane at a toll booth and see all the cars lining up at the non-E-ZPass lanes you realize that a lot of people out there don’t want their locations recorded, even if they have nothing to hide.
Therefore, it’s not surprising that this story has been accompanied by a certain amount of outrage. While most everyone understands that cellular carriers regularly collect location data through linking users and proximate cell phone transmitters, this is an essential step in completing calls. The smartphones’ collection of this information is not necessarily to benefit the customer directly, but rather to assemble a massive database to be used for tapping into the multi-billion dollar location-based services market.
Senator Al Franken, a Minnesota Democrat, called a Congressional hearing on May 10, 2011, to question representatives from Apple and Google about this issue. This was the first hearing conducted by the recently created Senate Judiciary subcommittee on Privacy, Technology and the Law, which is headed by Senator Franken. During the hearing, the main concerns that were raised related to sharing of location-based data with third parties, potential criminal activity using this data, such as stalking, and the potential for data breaches. At the same time, the panel acknowledged that location-based data has value.
Apple and Google both claim that the data is not personally identifiable and improved advertisements were able to be sent to users who requested to receive certain services. The key factor, as highlighted by Alan Davidson, director of public policy for the Americas at Google, is that the users opted in to have this data collected via a clear, plain language screen.
An interesting use of the location data was raised by Senator Charles Schumer, a New York Democrat, asking Apple executives why they allow an app to be downloaded from the App Store which alerts users to sobriety checkpoints. They responded, simply, that such content does not violate the Apple app rules, but they would examine the issue. However, during the hearing, Apple’s vice president of software technology, Guy Tribble, said that Apple has never actually removed an app for violating the app store rules!
Legal Issues Involved
The real issue is not the collection of location-based data, because users, whether they remember or not, are consenting to this collection. However, as stated by Jessica Rich, a deputy director of the FTC, the real issue is that the consumers are not aware of the “layers of sharing that go on behind the scenes.”
What To Expect
Where’s this issue going to go? First, it should be acknowledged that many people enjoy location-based services because of the targeted ads, promotions, and other services that they receive. Second, many people are resigned to the fact that privacy in many ways is a thing of the past. Add this to the fact that current laws applicable to mobile devices are in disarray. For instance, courts are even split on whether data in a cell phone requires a search warrant to be accessed by law enforcement. Additionally, location restrictions under FCC regulations that apply to carriers do not apply to wi-fi operators or apps used on mobile devices. Therefore, the likely focus will probably not be on legislation, but rather on prosecutions where data was collected or shared without clear consent or the collection and sharing went beyond the scope of the consent. To stay safe, device and app vendors will need to make sure that the users are giving clear and meaningful consent and that they do not use or transfer location data in a manner that exceeds the scope of the consent. One last wrinkle - how do you obtain clear and meaningful consent when the privacy policies must be read on those tiny mobile device screens?