The concept of geolocation privacy is now receiving a good deal of attention in the United States. For example, nine bills are being considered on Capitol Hill that would would regulate the collection, use and/or transfer of geolocation information. Many of the bills include geolocation as part of larger privacy bills and treat an individual’s geolocation information the same as an individual’s social security number or financial records. While protecting geolocation privacy is certainly an important issue, any legislation should take into account some important aspects of geolocation information that makes it different than other types of ‘sensitive information’ that is generally protected for privacy reasons.
The concept of geolocation privacy is now receiving a good deal of attention in the United States. For example, nine bills are being considered on Capitol Hill that would would regulate the collection, use and/or transfer of geolocation information. Many of the bills include geolocation as part of larger privacy bills and treat an individual’s geolocation information the same as an individual’s social security number or financial records. Some in the geospatial community believe that this legislation would only impact those involved in wireless communication or in providing location-based services. However, many of bills are so broadly written that if they were to become law they could apply to a broad range of geospatial products and services, including satellite and aerial imagery, GIS and GPS. Under some bills, companies would be required to provide notice to and obtain consent from individuals before collecting, using or transferring ‘precise geolocation information’. Unfortunately, the task of defining the term ‘precise geolocation information’ is left to the Federal Trade Commission and/or the courts. (It is noteworthy that a California court recently held that an individual’s zip code was ‘personally identifiable information’ and therefore protected under a California law meant to protect consumer privacy.)
While protecting geolocation privacy is certainly an important issue, any legislation should take into account some important aspects of geolocation information that makes it different than other types of ‘sensitive information’ that is generally protected for privacy reasons. These aspects include :
– Defining ‘geolocation information’ is much more difficult than defining such terms as ‘social security number’ or ‘medical records’. For example, is our privacy violated if an individual’s location is disclosed to within a few feet, or a certain region (such as a zip code) or to within a city or county? Moreover, should historical location information be considered less sensitive than real-time data for privacy purposes?
– An individual’s geolocation is collected, stored electronically and transmitted many times a day through a variety of devices such as toll smart tags, CCTV cameras, office building key cards and red light cameras. Debit and credit card transactions also disclose an individual’s geolocation. As a result, legislation could impact a number of companies that would not know they were in the ‘precise geolocation information’ business.
– The U.S. Supreme Court has held on a number of occasions that an individual does not have a ‘reasonable expectation of privacy’ while in a public place. These decisions have primarily been related to Fourth Amendment ‘search and seizure’ cases; however they are generally accepted in a variety of other contexts. Congressional efforts to protect an individual’s ‘precise geolocation information’ – even when out in public – as sensitive could have a profound impact on this analysis. For example, criminal defense lawyers might argue (and judges might agree) that Congress has helped to create a reasonable expectation of privacy in a public place such that following a suspect now requires a warrant.
– Businesses have been collecting geolocation information on individuals, such as addresses or zip codes, for years as part of normal business practices. Moreover, this data is likely being stored on a number of different servers throughout an enterprise. Trying to conform current and future business practices to a new reality of protecting geolocation information would raise a number of challenges. Some proposed legislation would permit a consumer to challenge the accuracy of ‘precise geolocation information’ a business has collected on him or her. This would allow someone, for example, to deny that he or she had been at a bar the night before and ask the business to immediately delete any information to the contrary.
– Unlike many other types of information considered sensitive for purposes of privacy, geolocation data can and will be used to provide a broad range of critical services. These services go well beyond ‘check-ins’ and coupons for free coffee while walking past a Starbucks. For example, geolocation information will be used emergency responders in disaster relief and by the medical community to predict patterns of infectious diseases. Scientists are already using the information to monitor climate change and in the future it will be used to better allocate scarce resources such as water and food. Geolocation information will also prove critical in such efforts as the smart grid and intelligent transportation systems. It is important to understand the potential impact any proposed legislation could have on these services as part of any discussion on the issue.
– Geospatial technology is contributing to economic growth. A recent US News and World Report article describes it as a ‘core tool’ and it is cited by the Department of Labor as a ‘high growth’ industry. Geolocation information is already the key component behind a number of mobile applications. Given the expected growth of smartphones and mobile tablets, the geospatial ecosystem required to support corresponding growth in mobile applications will create numerous jobs and increase tax revenues. Premature regulation of geospatial technology without a better understanding of the true impact these regulations might have could limit these growth opportunities.
Admittedly, there are certain threats associated with an individual’s geolocation information that need to be addressed. For example, the risk that someone could use the technology to stalk another person is an important concern. There are also risks associated with hackers collecting and exploiting a customer’s geolocation information in connection with identity theft. In addition, there should be restrictions on a governments’ use of the technology to monitor its citizens’ movements. However, lawmakers should consider other ways to protect against these risks without trying to force geolocation information into an existing legal and policy privacy framework. For example, updating the criminal code to specifically address geolocation stalking and requiring companies to take reasonable steps to secure customer geolocation information.
Media reports frequently cite the ‘big brother’ nature of geolocation technology. However, such reports often fail to mention that the technology and the related applications not only make life easier and more enjoyable, but are also empowering. (Most would agree that not knowing one’s location and/or the surrounding environment increases the chances of economic or physical harm.) The challenge for lawmakers and regulators around the world will be to develop a legal and policy framework that recognizes this potential, while protecting against legitimate threats to our privacy.
This post originally appeared on the Spatial Law & Policy site, and is reprinted here with permission.