Privacy, Risk Management

Location-Based Tracking Data Creates a New Privacy Concern

On March 25, 2011, Fordham Law School conducted a timely symposium on the legal and privacy policy implications of location-based technologies, i.e., those technologies that collect and use data indicating a person’s specific physical location.  The lively panel discussions all had one underlying theme – location-based tracking may be pervasive but the relevant policies are still in their infancy.  Although the “privacy-worthiness” of geo-location data has recently been in the news given the California Supreme Court’s ruling that Zip Code information can be considered “personal identifiable information”, location-based tracking of persons may actually loom as an even more fertile proving ground for privacy litigation given the ubiquitous nature of the activity.

It is commonly known that most smart mobile devices built today have some sort of GPS tracking capability.  Despite numerous media accounts, it is unlikely, however, that many mobile phone users also realize that their phone carriers ping their location every seven seconds and actually store this data.  Although consumers may not be fully aware of the location-based tracking that is going on, there are a number of startups banking on this capability.  Free mobile apps such as “Color” provide folks with the opportunity to share images and videos with those persons located in their very near geographic location.  And, start-ups such as Foursquare and Bizzy offer a more commercially viable application that provides consumers with opt-in shopping recommendations based on their geographic location.

Just how big an issue this will become remains to be seen given we are at the early stages of location-based data collection and marketing.  What should be of concern is the fact huge stores of data exist on pretty much every mobile phone user.  Although the EU has had rules in place since 2005 regarding located-based tracking, the FTC has only recently raised the privacy implications of the vast amounts of location-based data being collected.  See Protecting Consumer Privacy in an Era of Rapid Change, A Proposed Framework for Businesses and Policymakers (Preliminary FTC Staff Report, December 2010) at 23 – 25.

German privacy advocate Malte Spitz wanted to find out exactly how much of tracking data T-Mobile Germany was storing about him so he used German privacy laws to obtain the information.  What he got back from T-Mobile was six months of data including 35,831 points of location information.

According to a German newspaper that first wrote about the data trove maintained by Spitz’s phone company:

This profile reveals when Spitz walked down the street, when he took a train, when he was in an airplane. It shows where he was in the cities he visited. It shows when he worked and when he slept, when he could be reached by phone and when was unavailable. It shows when he preferred to talk on his phone and when he preferred to send a text message. It shows which beer gardens he liked to visit in his free time. All in all, it reveals an entire life.

On March 29, 2011, U.S. Reps. Edward Markey (D-Mass) and Joe Barton (R-Texas), Co-Chairmen of the House Bi-Partisan Privacy Caucus, responded to the public disclosure of the Spitz data request, by sending letters to the CEOs of the four major U.S. wireless carriers – AT&T, Verizon, Sprint, and T-Mobile.  These letters request information regarding data collection, storage and disclosure practices.

After the four major U.S. wireless carriers respond to Congressmen Markey and Barton, we may be in a better position to understand how companies plan on using the location-based data that is being collected.  More importantly, we will get a better handle on how the FTC and other regulatory bodies may eventually chime in on this privacy debate.  In the interim, companies looking to harness the marketing potential of location-based tracking data should evaluate whether it makes sense to refrain from selling available data.