The Elephant in the Room

Summary: This article places into business context the issues around location data privacy. It discusses the technology and business drivers that are leading towards a tipping point where the benefits of using location technology and applications collide with 4 key business problems associated with location data privacy management, and discusses proposed solutions to the lack of governance around location data privacy.

By The Location Forum
Paul Barrett, Director Digital Marketing Optimization Solutions, Aster Data
Arthur Berrill, Vice President Technology, DMTI Spatial
Gary Gale, Director, Places, Nokia Location & Commerce, Nokia
Kipp Jones, Chief Architect and Privacy Czar, Skyhook Wireless
Natasha Léger, Editor, LBx Journal; CEO, The Location Forum
Dana Lonergan, General Counsel, Traxxit
Kevin Pomfret, Executive Director, Center for Spatial Law and Policy
M. Vincent Restucci, Director of Procurement & Business Technology, R.D. Offutt Company Farm Division
Claudio Schapsis, CEO, Georillas
Jim Warner, COO, The Location Forum
Peter Woodgate, CEO, Cooperative Research Centre for Spatial Information

When it comes to privacy, there are basically two ends of the spectrum: those who are in the “sharing culture,” who act and behave in a very open manner, and those who feel privacy is a “protected right” and find any intrusion to be offensive. But privacy is more complicated than that.

In the Information Economy in which we live, personal data and similar forms of information are the currencies. And location data is the universal link between all data, because everything and everyone is somewhere – which means your business is already using location data in some manner, either passively or strategically.

The power, benefits, and risks associated with location data lie in its capacity to reveal more than the face value of the original information. One can derive many things from location that are not obvious on the surface, and that is what sets location data apart from all other data.
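To make the inference point concrete, here is an added example (not code from the original article): a week of hourly fixes for one device with no identifier attached, the sort of trace often called anonymous. Two one-line rules, the cell most visited at night and the cell most visited during weekday working hours, recover home and workplace, and a join against a public property register puts a name on the trace. The coordinates, the trace and the public-records table are all constructed for the example; the 100 m grid cell and the night/working-hour windows are assumptions chosen to keep the rule simple.

```python
"""Home/work inference from an 'anonymous' location trace, then re-linking it
to a name through a public-records table.

Added example, not code from the original article. The trace, coordinates and
public-records table are constructed; the inference rule (most visited ~100 m
cell at night is home, on weekday working hours is work) is deliberately
simple, to show how little is needed.
"""
import random
from collections import Counter
from datetime import datetime, timedelta

CELL_DECIMALS = 3                 # 3 decimals of a degree is roughly a 100 m cell
HOME = (43.6532, -79.3832)        # constructed: where the synthetic device sleeps
WORK = (43.6422, -79.3868)        # constructed: where it spends weekday daytime

# Constructed stand-in for a public property register (owner name -> parcel).
PUBLIC_RECORDS = [
    ("A. Example", 43.6533, -79.3831),
    ("B. Sample", 43.7001, -79.4002),
]


def cell(lat, lon):
    """Snap a coordinate to a coarse grid cell so nearby fixes group together."""
    return (round(lat, CELL_DECIMALS), round(lon, CELL_DECIMALS))


def build_trace(seed=1):
    """One week of hourly fixes for one device, with ~20 m of GPS jitter.
    No identifier is attached: this is the kind of trace often called anonymous."""
    rng = random.Random(seed)
    start = datetime(2012, 3, 5)  # a Monday
    trace = []
    for hour in range(7 * 24):
        t = start + timedelta(hours=hour)
        if t.hour >= 22 or t.hour < 6:
            base = HOME
        elif t.weekday() < 5 and 9 <= t.hour < 17:
            base = WORK
        else:  # errands, commuting: somewhere in the surrounding ~10 km
            base = (43.60 + rng.random() * 0.1, -79.45 + rng.random() * 0.1)
        lat = base[0] + rng.uniform(-0.0002, 0.0002)
        lon = base[1] + rng.uniform(-0.0002, 0.0002)
        trace.append((t, lat, lon))
    return trace


def dominant_cell(trace, keep):
    """Most frequent cell among the fixes for which keep(timestamp) is true."""
    counts = Counter(cell(lat, lon) for t, lat, lon in trace if keep(t))
    if not counts:
        return None
    return counts.most_common(1)[0][0]


def infer_home(trace):
    """Home: the cell the device sits in overnight."""
    return dominant_cell(trace, lambda t: t.hour >= 22 or t.hour < 6)


def infer_work(trace):
    """Workplace: the cell the device sits in on weekday working hours."""
    return dominant_cell(trace, lambda t: t.weekday() < 5 and 9 <= t.hour < 17)


def reidentify(home_cell, records=PUBLIC_RECORDS):
    """Names whose registered parcel falls in the inferred home cell."""
    return [name for name, lat, lon in records if cell(lat, lon) == home_cell]


if __name__ == "__main__":
    trace = build_trace()
    home, work = infer_home(trace), infer_work(trace)
    print("inferred home cell:", home)
    print("inferred work cell:", work)
    print("candidate owners:", reidentify(home))
```

Nothing here uses a name, a phone number or a device identifier; the timestamps alone carry the meaning. Stripping identifiers from a trace therefore does not anonymize it, which is the point the paragraph above makes in prose.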

From a business perspective, this makes location data both a valuable asset to leverage and a hypersensitive issue with customers and employees (not to mention regulators, who are taking an ever-increasing interest). Here are some stunning facts about location data, followed by the major reasons why location data privacy should matter to you and your company.

The Scope

To the casual observer, location data is a narrow issue. People only become aware of it when they look up driving directions, zoom in on their house in Google Earth or Bing, see a request to use their location on their smartphone or perhaps when they see a targeted ad pop up on a social media site. But it goes much deeper than most people realize.

→ The collection of location information has been expensive, labor intensive, and manual for hundreds of years. The difference today is the scale at which location data is being automated and continuously collected, aggregated, and shared beyond the original intent of the collection of the information. There are 4.6 billion cell phones on the planet with continuous location tracking capabilities, 800 million Facebook users, 200 million Twitter users, and 2.1 billion Internet users.

M2M (machine to machine) communications, including sensor networks, smart grid, telematics, eHealth and other applications, is huge and growing rapidly. It’s estimated there will be 50 billion connected devices by the year 2020. All of these are contributing (and sharing) dynamic location information with other networks, devices, and applications – some simply by being switched on, others in response to a query, and others as a function of the application (e.g., social media).

There are 4.2 million public surveillance cameras in the UK and millions more around the globe. DigitalGlobe, the largest commercial satellite imagery provider, collects close to 2 million square kilometers of the globe per day. Google StreetView has collected tens of millions of images since it was launched in 2007 (and in the process collected and stored personal wi-fi data). Mobile operators and device makers – for example Apple, Motorola (now owned by Google), Nokia, Samsung – are developing location databases using Carrier IQ or other tracking software (these are generally used for operational and customer service objectives).

Google just changed its privacy policy to more efficiently correlate personal data across its over 60 products. Twitter sold 2 years’ worth of Tweets. In 2006, 1.2 million photos on Flickr were geo-tagged in the first 24 hours. Today, that number is in the billions.

Access to an individual’s or organization’s location information is unprecedented. Demographic data compiled from product registrations, surveys, and census information used to be expensive and available only to large organizations. (While census data is free, correlating it and making sense of it takes time and is usually the domain of data aggregators.) Information collected by the government, such as tax records, property records, campaign contributions and the like (all of which contain location information), has always been publicly available, but having to physically go to the government agency and fill out paperwork just to view the document created a significant barrier. Today, almost anyone can obtain these records online, without any clear governance around how that data should be used.

Combine all this with the cheap cost of data storage, widespread access to high-performance computing and a vibrant data aggregation and analytics industry capable of synthesizing reams of publicly available demographic data, and it’s easy to see that the scale of location information is enormous. And the distribution of this information is potentially even larger.

The Situation

The scale and pace at which location information collection, aggregation, and sharing is unfolding is all happening without any clear boundaries around the use of the data. Complicating matters is the fact that most people don’t understand the value of location information the way they understand the value of personal financial or medical information. This skews the debate towards whether location information should be collected or shared in the first place rather than discussing how and when it’s appropriate (and the corresponding privacy issues).

While location information has been collected for years, it has generally been collected for specific purposes and by organizations that were not selling location-based products and services. In other words, the location data or personal data itself was not the revenue generator. Today with the advent of “freemium” services, whole businesses and industries exist for the sole purpose of selling personal data, and that includes location data.

Many of the industries that have traditionally collected personal information are regulated, such as healthcare, financial services, telecommunications and utilities. Because of the regulatory boundaries imposed on these companies in the ways they can use personally identifiable information, they incur limited risk of location data privacy infringement. Unregulated industries and businesses such as advertising, software, consumer electronics, data services and others are a different story. The blurry lines between business models, business objectives, and the delivery of convenient, value-added products and services are driving the market, and simultaneously demonstrating both the benefits and the privacy risks of location data, as more and more people and businesses become dependent on location-based products and services.

The Location Forum

The Location Forum is the premier business leadership association representing the interests of the location industry. It is at the forefront of developing guidelines and best practices to fill the void left by the lack of location data privacy governance, including working on a location data privacy pledge. With members from across the value chain, including mobile operators, device makers, software developers, data aggregators, service providers and users, the Forum is uniquely positioned to address these issues.

As part of their comprehensive approach, the Forum will be publishing a detailed Primer on Location Data Privacy in May that will include a thorough examination of the issue including comprehensive definitions, privacy infringement triggers, inference, anonymization, risk and utility, access rights and ownership and more. This will be followed by a full set of Guidelines and Best Practices in July.

The Applications & Benefits

While the above facts and the scale of location data collection are cause for concern, it is equally important to note the benefits of being able to quickly and efficiently collect, aggregate, and share location data.

a. Improved Customer Service and Customer Experience:

→ Companies like MGM Grand Casino and Hotel have installed WiFi networks in their casino to give guests a better experience in terms of Internet connectivity. What they found was that when guests accessed the WiFi network, the casino could develop a better understanding of guest behavior within the property, and could then improve the experience further with targeted announcements of events, discounts, and relevant offerings nearby.

→ Costco is a warehouse membership organization that offers a variety of products including food. The ability to quickly aggregate location information on its customers, stores, and supply chain enables Costco to respond quickly to product recalls and, in the case of food recalls, mitigate the risk of illness.

→ Financial institutions, banks and credit card companies use location information collected from mobile phones and IP addresses to mitigate fraud.

→ The ability to remotely diagnose and solve mobile phone problems and determine whether they are network-based or device-based is the result of location tracking software installed on the device (which became the subject of much media attention).

b. Emergency Response:

Most government agencies around the world operate in silos. This means that they don’t share information easily. In emergency situations such as Hurricane Katrina in 2005 and the Japanese tsunami in 2011, the consequences can be deadly.

→ Without location information, how would emergency responders be dispatched to answer your E911 call?

c. Instant Information:

→ Access to relevant information has never been easier. Voice recognition software combined with location data allows you to ask your mobile phone, “Where is the closest eye doctor?”

→ Commercial real estate companies, real estate developers, and retailers can now instantly develop a multi-dimensional profile of an area of interest for investment and operational purposes. (What used to take weeks of market analysis now takes minutes and even seconds depending on the complexity of the query.)

d. Supply Chain Disruptions:

→ With applications such as Bloomberg’s BMAP for commodities (which aggregates over 200,000 location-based datasets), financial analysts, traders, and organizations have increased visibility into supply-chain disruptions for oil and agricultural commodities, which can make or break business performance objectives.

e. Personalized Services:

→ Access to mobile location data enables the development and delivery of personalized services from “find me, follow me” services such as personal tracking (kids, elderly, pets, assets), personalized news based on location, and product, health, and emergency alerts (push notifications) based on location.

There are many more known applications and benefits, and frankly even more unknown benefits yet to be discovered. With millions of developers – professionals and amateurs, from those working for Fortune 500 companies to those coding in garages – thousands of location-based applications are being developed every day for a number of different reasons, from for-profit motivations to the betterment of mankind, and simply because they can.

The Problem

Along with the benefits there are some inescapable issues businesses must reconcile. In a sense, it’s a classic chicken-and-egg situation. In order to achieve their objectives, businesses have to navigate a minefield of issues where there is little (or conflicting) guidance, the risk of tripping up is high and the penalties for doing so can be severe.

But choosing to not use location data in this hyper-connected and hyper-competitive market environment is also not much of an option; ignoring location data puts the business at a huge disadvantage in terms of potential cost savings, competitive positioning and delivering exceptional customer service.
The problem breaks down into 4 major areas:

a. New and Evolving Data Type & Detail:

→ Location data covers a broad landscape but in most cases, the data companies want to use contains information about employees, customers, or their business plans. In addition, this data needs to be reasonably specific, granular and personalized or its value is limited.

→ In an operational or supply chain application, a business may want to factor in the location of key suppliers when making decisions regarding new factories, warehouses or retail outlets. This information could be invaluable to competitors and could alert them to your future plans for expansion or for a new product line.

→ The location of employees is extremely useful in planning delivery, compliance and distribution routes, scheduling service and repair appointments and even overtime hours worked. Yet many employees may find this a ‘Big Brother’ intrusion into their lives.

→ From a market intelligence perspective, the more detailed the information about a consumer’s habits, the more accurately a company can predict and meet their future needs. But go too far and people may feel their personal space has been violated – even if the resulting service is useful.

b. Automated Creation, Collection & Aggregation:

→ Location information is being created by wireless networks, devices, applications, websites, cameras, RFID chips, satellites, swipe cards and other devices and technologies.

→ There are numerous sources of location data but few guidelines (or laws) on what constitutes a legitimate way to collect, aggregate, manage and explore it; those that do exist, such as various privacy frameworks, are inconsistent, narrow in scope, and ineffective.

→ The risks associated with handling location data are often misunderstood by individuals, businesses and regulators alike, and are creating a sense of angst within the industry.

c. Questionable Protection Requirements:

→ Businesses must safeguard the privacy of this data from competitors, hackers and others, or face serious consequences ranging from public embarrassment to legal and financial penalties or worse.

→ The value of location information, and the potential knowledge that can subsequently be derived from it, is not well understood. Location information reveals more than you think, and can lead to identity theft and the disclosure of sensitive, confidential information.

→ Currently, the privacy attributes or characteristics associated with a particular piece of data do not always remain connected to that data, especially as derivative works are created. This lack of “stickiness” means that explicit (opted-in) or default privacy settings get discarded along the way.

→ Current privacy protection policies & mechanisms must be reviewed and evaluated within the context of the scale at which location data is being collected, aggregated, and shared to mitigate potential privacy breaches.

d. Hazy Sharing and Acceptable Use Boundaries:

→ The definition of what constitutes acceptable use varies from person to person and situation to situation, which creates uncertainty and raises the risk of businesses crossing an invisible line, damaging their strategy and harming the very situation they were trying to improve.

→ Even when individuals are asked to consent to the use of their location information, they may not comprehend the full implications in an area with such rapidly advancing and highly synchronized technologies; understanding how the information may ultimately be used may be difficult for the everyday user.

→ The rise in derivative data products, resulting from rapidly increasing access to public and private data, challenges the effectiveness of usage rights monitoring. The legalese of Terms of Use is often ambiguously drafted to protect the location application or service provider, and is not focused on informing the user of how organizations may use the information. As a result, location information may be shared and accessed without the individual’s or organization’s knowledge.

→ Numerous laws and regulations exist for record retention and law enforcement purposes that require companies, upon a subpoena or search warrant, to turn over personally identifiable location data. Compliance with law enforcement requirements, while not the subject of this primer, is a critical element of providing location-based services, technologies, and applications.

Top 10 Reasons Why Location Data Privacy Matters to Your Business

1. Location-aware technology is everywhere.
It serves many useful functions but has some unintended consequences. Location information reveals more than you think because of the ability to infer from it; many people and organizations don’t realize it.

2. Widespread access to location data combined with inexpensive computing power and storage means almost anyone can discover and analyze things about you or your business without your knowledge. Data is the new currency of business.

3. In the era of BYOD (bring-your-own-device; the use of personal mobile devices in a work setting) and third-party fulfillment / ad insertion relationships, enterprise data is increasingly being collected, accessed and used outside traditional IT firewalls, and this information could readily leak to competitors or others outside the bounds granted by the user or enterprise.

4. People are the new products. Many emerging business models (such as advertising-based services) depend on users sharing their location information. If people feel “violated,” they will stop sharing, and skittish consumers are bad for business.

5. Once acquired, location information has ineffective protection policies. This increases the risk for data abuse. A lack of consistency in managing and using personal data makes it nearly impossible to trust a company’s privacy terms.

6. The privacy rights of an individual are legally protected. This is true in just about every country, but regulators and lawmakers are only now waking up to the role location plays in this issue. Their “solutions” may well create numerous unintended consequences that could be bad for businesses all around.

7. Location data privacy and transparency are distinctly different. Location data privacy is not about hiding information; it’s about safeguarding information that is no one else’s business.

8. Location data privacy places boundaries around the use and sale of lists of people (customers, employees, partners) and their related location information (like reselling tweets, texts, email contents, profiles).

9. Risks of identity theft, personal safety, and tarnishing of corporate / brand reputation can be directly tied to improper management of location data, and location data privacy infringement.

10. Location data is big business. It is becoming integrated into industries such as Big Data Analytics, Business Intelligence, Advertising, Healthcare, and Communications, which are collectively worth about $5 trillion.

Location Data Privacy Solution Guidelines

Reconciling the business needs and risks with the development of location-based technologies, products, and services that do not infringe upon the privacy rights of individuals will require a comprehensive approach in which all the players in the ecosystem/value-chain agree. The solutions are multi-faceted and break down as follows:

→ Informed Consent: This is more than mere notification or request to use one’s location. Informed consent has to entail an attempt to give the user a clear understanding of how the data may be used, aggregated and shared. Permission to use the data is not informed consent. This requires a usage-based opt-in policy.

→ Transparency: Much like companies state how they will use email addresses, companies must disclose clearly in unambiguous terms how they will use, collect, aggregate and share specific location data.

→ Industry-agreed-upon Standards and Boundaries for Use: Currently there are no restrictions, limitations, or boundaries around the collection, aggregation, or distribution of location data unless such actions somehow violate a patchwork of laws and regulations. An industry threshold of potential harm needs to be established to create location data privacy boundaries.

→ An Industry-agreed-upon Code of Conduct: This is required to give users a sense of assurance that companies are following sanctioned guidelines and best practices in the safeguarding of location information. In addition, a code of conduct creates an industry-approved expectation of location data privacy, and internal procedures to ensure a location data privacy culture.

→ A Location Data Privacy Audit System: This includes a legal audit of terms to ensure that all data sources are being used in accordance with their licensing conditions. It also includes what we are calling a “moral audit” for now, which is adherence to the location data privacy code of conduct. Attributes associated with a particular piece of data need to be passed along to anything derived from it (also known as “inheritance”), and there needs to be a level of traceability for discrepancy resolution and audit purposes.
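The “stickiness” problem raised under Questionable Protection Requirements and the inheritance and traceability requirement in the audit bullet above are the same engineering question: consent has to be a field on the data, not a clause in a policy document. The following is an added example, not a design from the original article or from the Location Forum, of one way to build that in. Each record carries the purposes its subject opted in to and the ids of the records it was derived from; a derivative record inherits the intersection of its sources’ purposes (the most restrictive consent wins) and the union of their lineage, and every use is gated on the purposes. The record ids, coordinates and purpose names are constructed for the example.

```python
"""Privacy attributes that travel with location data through derivative works.

Added example, not a design from the original article or the Location Forum.
Every record carries the purposes its subject opted in to and the ids of the
records it was derived from. A derivative record inherits the intersection of
its sources' purposes (the most restrictive consent wins) and the union of
their lineage, and each use is checked against the purposes before release.
"""
from dataclasses import dataclass
from typing import FrozenSet, Tuple


@dataclass(frozen=True)
class LocationRecord:
    record_id: str
    lat: float
    lon: float
    purposes: FrozenSet[str]       # purposes the data subject consented to
    lineage: Tuple[str, ...] = ()  # ids of the records this one was derived from


class PurposeViolation(Exception):
    """Raised when data is about to be used for a purpose nobody consented to."""


def derive(record_id, lat, lon, *sources):
    """Create a derivative record whose consent and lineage are inherited."""
    if not sources:
        raise ValueError("a derivative record needs at least one source")
    # Most restrictive consent wins: only purposes every source allows survive.
    purposes = frozenset(sources[0].purposes).intersection(
        *(s.purposes for s in sources[1:]))
    ids = [s.record_id for s in sources]
    ids += [anc for s in sources for anc in s.lineage]
    lineage = tuple(dict.fromkeys(ids))   # de-duplicate, keep first-seen order
    return LocationRecord(record_id, lat, lon, purposes, lineage)


def coarsen(record_id, record, decimals=2):
    """Derivative work: snap to a ~1 km cell. Coarser, but consent still applies."""
    return derive(record_id, round(record.lat, decimals),
                  round(record.lon, decimals), record)


def join(record_id, a, b):
    """Derivative work: fuse two sightings of the same subject from two sources."""
    return derive(record_id, (a.lat + b.lat) / 2, (a.lon + b.lon) / 2, a, b)


def use_for(record, purpose):
    """Gate on every use: return the record only if the purpose was consented to."""
    if purpose not in record.purposes:
        raise PurposeViolation(
            f"{record.record_id}: '{purpose}' not among consented purposes "
            f"{sorted(record.purposes)}; lineage={record.lineage}")
    return record


def audit_trail(record):
    """Every record id that contributed to this one, for discrepancy resolution."""
    return (record.record_id,) + record.lineage


if __name__ == "__main__":
    # Constructed inputs: a navigation-app fix and an ad-SDK fix for one device.
    nav = LocationRecord("nav-1", 43.6532, -79.3832, frozenset({"navigation"}))
    ads = LocationRecord("ads-1", 43.6531, -79.3834,
                         frozenset({"navigation", "advertising"}))
    fused = join("fused-1", nav, ads)
    print("fused purposes:", sorted(fused.purposes))   # navigation only
    print("audit trail:", audit_trail(coarsen("coarse-1", fused)))
    try:
        use_for(fused, "advertising")
    except PurposeViolation as e:
        print("blocked:", e)
```

Two design choices matter here. Intersection rather than union on derivation is what stops an advertising-consented dataset from laundering a navigation-only one through a join; and the lineage tuple is what lets an auditor answer “which source record let this use happen” when a discrepancy is reported. The record is immutable, so the only way to get a record with broader purposes is to go back to the subject for fresh consent.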

Where is the Risk in Location-Based Services?

Using Smartphones as an example, the value chain players can be involved at all three levels of collection, aggregation, or distribution of location data. In Figure 1, the level of industry oversight including both formal regulation as well as industry self-policing is compared to potential level of privacy infringement.

With the exception of government, wherever there is less oversight over the use of sensitive personal information, the greater the risk of violating the right to keep one’s whereabouts (and the information inferred from one’s whereabouts) private. This chart simply focuses on the risk of disclosure of one’s whereabouts, not on any harm that could be inflicted as a result of such disclosure.