Many "web 2.0" websites and smartphone apps now collect locational data of persons for everything from harmless games to socially useful applications such as anti-kettling apps or crime or traffic congestion maps. How far does ubiquitous collection of " where you are" endanger personal privacy, and how far is it controlled by the informed consent of the data subject? What balance should be struck with the social utility of collecting locational data||? THis ppt discusses some of the (mainly EU) legal issues against the technological/social background - further work needed.
My web geolocator at home from my Virgin media wi fi thinks I’m near Preston all the time..
Growth in LBS – originally delivered primarily via smartphones using cell but more especially GPS technologies to locate user of handset – cell gave you maybe a a kilometer square location, or more, depending on rural or urban – GPS goes to 4-15 meters location – v different. Now being rolled out to other platforms which pinpoint location using instead wi fi access points to locate user (or as well). Eg desktops, laptops, tablets (ipads), etc.
=> Diversification of ways to access LBSs – via social networks (FB Places ) – via your desktop or your phone or anything with a web browser.. 4Square was market leadr, prob now FB Places since roll out..
New types of business models. Grindr eg “sells” the location of its users to each other so they can pick each other up for gay sex – an intersting example of users clearly wanting disclosure not privacy or seclusion.. 4Square/FB Places encourage users to repeatedly “check in” to places so they can become “Mayors”, pick up discount vouchers etc. In general few of these LBSs are sold directly for money as is common in web 2.0 Their bisiness models are emergent but mainly around same models as we see through the SNS world – give a product away for free, collect personal data from users (explicitly revealed or implicitly via cookies and of course , acces to locational data) , add it to other sources of data, create anonymised data profiles of users and sell these to the highest bidders who then use this data to send “targeted” or “behavioural” ads to users. LBSs thus feed inti general debate going on right now on in law/IT on whether OBA and SNSs invade user privacy and if so how to control it (more from Judith on former). Muvh location data collection now come “bundled” as part of functionality of SNSs – FB Places, geolocated tweets - enhancing the data they already collect and providing more “social networking experience” to users. Similarly many are used as downloaded apps to smartphones. Note the no of responsible agents involved here… handset maker, network provider (eg Orange),OS maker (Android, Apple), browsers (Safari etc, not always same), SNS platforms, app developers, user themselves – all have a role in “regulating by code” here – setting privacy defaults etc. Not just an isue for lawmakers – coders must get involved in understanding issues. Very complicated area to “pin down” who should implement any rules protecting users therefore , and for users to understand what to do to protect themselves (fiddle with phone, talk to Orange, alter settings on app,??)
Also note public benefits from LBSs - not just about fun & private profit - increasing use mash ups eg here #uksnow – created from geolcated tweets during recent awful winter in UK – could tell which areas most badly hit. Similar uses recently eg to show comparative crime rates in your area (UK Crime Map); more controversial – what adv except to drive down house prices? Is consumer info always a bonus?
After the “uncut” battles near Lib Dem HQ and Westminster etc – tactic revealed to share data on where police arranging “kettling” traps and how to exit from them..
Odd one out because alrhough it uses “location data”, it’s not collected via your phone (or laptop etc) but by Goog;e’s cameras in vans. Good example of p’raps most loved LBS – to make money (ads) but also arguably social benefit - finding your way to new places, scoping out areas to move to or for holidays etc, checking look of hotels you’re going to be staying in . But has perhaps arisen the most privacy fears for various reasons we’ll get to (and vast opt out here in Germany cf ed to UK eg). Also raises issues I’ll come back to as whether law DOES currently specially regulate to safeguard user in respect of “collection of locational data”
1 – harms? Misleading/erroneous? Invasive? May leak to 3 rd parties not contemplated – govt, private litigators, advrs 1= Me & J mist worried in EU about 1 – 2 gets a lot of attention in field of SNSs and ch protection already (education? Online safety?) – 3 is a security issue legally, a design and policy isue for technologists to think about - may turn out to be the biggy as we move from web based loc’l data collection -> extensive Internet of Things loc’l data collection?
Revised text Oct 2010: For the purpose of marketing electronic communications services or for the provision of value added services, the provider of a publicly available electronic communications service may process [traffic data] to the extent and for the duration necessary for such services or marketing, if the subscriber or user to whom the data relate has given his or /her prior consent . Users or subscribers shall be given the possibility to withdraw their consent for the processing of traffic data at any time. Art 9 for location data similar but not amended – remains just “consent” but only after “information..of the purposes and duration of the processing”.
PECD envisaged Minority Report “intelligent billboards”, tailored texts to phone eg “nearest Indian restaurant” oogle RFID – collected by chip in Oyster – not “terminal equipt” of user nor using “public network” GPS in Sat Nav – same (+private netwk) G St View – data collected is what we think of as “location” but not collected by your PHONE but by Google taking pix!!
J will talk about what level of consent – prior, informed, explicit – the Art 29 WP is recommending. But who would implement it – the netwk provider, the handset maker, the app, the OS, the browser? Which is the “data controller”?