Industry Nonprofit Group Proposes Privacy Guidelines for Location Data

A geolocation industry–oriented nonprofit group is proposing that private companies adopt a set of 13 guidelines to help them protect the public and their bottom lines from breaches of geolocation privacy.

A geolocation industry–oriented nonprofit group is proposing that private companies adopt a set of 13 guidelines to help them protect the public and their bottom lines from breaches of geolocation privacy.

The Location Forum, an Alpharetta, Georgia–based organization, released a report entitled Location Data Privacy: Guidelines, Assessment and Recommendations to call attention to the potential of geolocation data to reveal intimate details of individual lives and suggest voluntary standards to protect privacy

“We developed these guidelines in the way we did because we felt that there was a need to help companies as well an individuals as well as policy makers to really understand the value of what location data really is,” said Natasha Leger, president of the Forum and the founder and president of ITF Advisors, LLC, a strategy advisory firm.

“How many cell phones out there . . . that have location capabilities, have them turned off?” said Arthur Berrill, vice president of technology at DMTI Spatial, a member of the forum’s Location Privacy Council, and a contributor to the report. “The wealth of information you can derive from (a location enabled phone) is outright scary.”

There are commercial firms that can locate mobile phones — and, therefore, mobile users — in real time Leger said. Companies can learn so much about you they cannot only surmise what you’ve done but what you are likely to do.

“Companies . . . have done studies which demonstrate that they can predict the behavior of people based on their mobile patterns,” she said.

But that is only part of the location “data-verse.”

A great deal of location information is collected “below the surface,” says the report, “where people are likely unaware it is even taking place.”

Your location can be noted each time you use a loyalty card, count calories with a Web-connected pedometer, buy a book with an inventory tag, pay a bill online, chat with your mom on Facebook, swipe your ID card to enter your office building, or take a photo with your smart phone.

The real power, however, comes when location information is correlated with other data sets, said Leger. In fact, the report points out that location can be the common thread that links disparate databases.

“This ability to ‘connect the dots’ almost automatically results in a much more complete profile of an individual or organization than the base data reveals,” the report says, and can result in the creation of the sort of an “entirely new level of ‘enriched’ data” that raises privacy concerns and breaks anonymity.

It is possible, for example, to locate an individual even if all you know about them are their age, sex, and zip code, said Berrill.

Although some organizations are already collecting a wide variety of location information, privacy advocates and industry still have time to set ground rules because much of that data remains unexploited, said Berrill. “Not very much is happening in the way of analytics so far. . . . The potential [of thoroughly analyzing location data] hasn’t yet surfaced."

The 13 suggested guidelines — which range from setting privacy and data handling policies and minimizing the data collected to automating compliance and giving people a chance to correct faulty records — are similar in many ways to the privacy policies created for websites.

The report includes a lengthy overview of the way that some location data is being gathered and tools to assess the strength of an organization’s privacy safeguards. The report is available to Forum members for $99 and nonmembers $199.

Adoption of the guidelines would be entirely voluntary, said Berrill, adding that he thinks many firms will take up the standards.

“The spatial world is so small that there is still peer pressure,” said Berrill and “responsible players will play by the rules and hold up the (firms) that are irresponsible.”

“Do you remember the fuss when Google was picking up WiFi hot spots?” Berrill asked. “Remember the hell that Google went through in the press for that? Well that’s the sort of thing that would happen if word got out if some unnamed organization were intruding on people’s privacy. That sort of peer pressure is almost impossible to resist.”