27 May 2011

Geolocation Data as Personal Data

The European Union's Article 29 Data Protection Working Party has published its opinion concerning geolocation services on smart mobile devices.

Photograph of an old-fashioned small manual telephone exchange

Opinion 13/2011 aims to clarify the legal framework applicable to geolocation services that are available on and/or generated by smart mobile devices that can connect with the Internet and are equipped with location sensitive sensors such as GPS. This would include applications that provide mapping and navigation, geo-personalised services (including nearby points of interests), augmented reality, geotagging of content on the Internet, tracking the whereabouts of friends, child control and location based advertising. It also covers GPS, GSM base stations and WiFi infrastructure.

The document sets out the context, privacy risks and legal framework, and recommends geolocation data should be classified as personal data/personally identifiable information (PII), since it can be used to identify individuals. The document proceeds to set out obligations arising under data protection laws. Importantly it states that "consent cannot be obtained through general terms and conditions" and "by default, location services must be switched off". The need to delete such data within a justified period of time is also listed.

Meanwhile in the United States, there is a new proposal to update the somewhat out-of-date 1986 Federal Electronic Communications Privacy Act (ECPA). This would affect how law enforcement agencies can request and use geolocation data, to protect consumers' privacy. See a good further discussion of this topic by Stephen Gantz on Infosec Island.

It may be interesting to consider how this might also affect IP address data, since there can be precise mappings of IP addresses to some specific locations.

Data controllers and data processors who use any type of geolocation data should take note of these trends (and, in the United Kingdom, also read the ICO's recently published Data Sharing Code of Practice).

Posted on: 27 May 2011 at 11:21 hrs

Comments Comments (0) | Permalink | Send Send | Post to Twitter

Comments

Comments are filtered automatically and should appear shortly after they been checked.

Post a comment
Confirm acceptance and understanding of the terms of use
New posts to this thread will be sent to your email address
Geolocation Data as Personal Data
http://www.clerkendweller.com/2011/5/27/Geolocation-Data-as-Personal-Data
ISO/IEC 18004:2006 QR code for http://clerkendweller.com

Page http://www.clerkendweller.com/2011/5/27/Geolocation-Data-as-Personal-Data
Requested by 54.81.170.136 on Wednesday, 23 April 2014 at 09:17 hrs (London date/time)

Please read our terms of use and obtain professional advice before undertaking any actions based on the opinions, suggestions and generic guidance presented here. Your organisation's situation will be unique and all practices and controls need to be assessed with consideration of your own business context.

Terms of use http://www.clerkendweller.com/page/terms
Privacy statement http://www.clerkendweller.com/page/privacy
© 2011-2014 clerkendweller.com