Later this month the European Union’s “Article 29 Working Party” is likely to issue new rules requiring mobile and smartphone providers to treat location-based data as Personally Identifiable Information (PII). Last week, Apple, Google and others testified on the Hill regarding their use—or misuse—of consumer’s location data from smartphones.
What is driving the speed and intensity of this regulatory response? A simple fact: location-based data links mineable information context about what you are doing, when and where, in a manner that is explicitly tied to your identity. This is a watershed threat to privacy we have not seen since the commercialization of the Internet (when we had to pay for Internet access).
Providers of smartphones and mobile applications need to realize and proactively manage this. If not, life could quickly become much harder for them. This would not just be bad for providers; if would curtail innovation enjoyed by consumers.
Now is the time for industry to get out in front and establish a Code of Conduct guiding use of location-based data (just as the Mobile Marketing Association did years ago for text messaging). Not only could this head off costly regulation; it could also set the standard for a trusted consumer experience, significantly expanding the location-based service market.
An effective Location-based Data Code of Conduct should include the following policies:
1. Enable users to turn location services on or off easily and transparently
Location-based tracking and promotion is great when people are gift shopping. However, sometimes it is simply an invasion of privacy. This applies equally to the enterprise, as companies don’t want their mission-critical staff to turn off corporate mobile phones to protect their private lives when they are out of the office. Smartphone and mobile app providers need to enable people to turn location-based services on or off. Those who make this easy and transparent will establish market leadership.
2 Manage location-based data with the same fidelity as billing data
Yes, mobile phones have tracked where you were (and when) for years. However, smartphones now combine this with data about what exactly you are doing—in a format that can be mined for targeted marketing, legal discovery, and more. Providers need to treat these data as sensitively as they do with billing data: asking for consent before collection or sharing, encrypting it, guarding it behind firewalls, and anonymizing it for marketing analysis. Those who fail to do this will lose customers and face lawsuits or worse.
3. Require mobile app providers to adhere to the code of conduct
Right now people are “up in arms” because a few very visible, publicly traded companies are keeping their location-based data. Imagine what this will become when hundreds of “fly by night” companies exploit location data for identity theft, targeted burglaries and more? Industry needs to create an App Store-agnostic, straightforward certification program for location-based app providers. This will create the same trust needed for location services growth that similar self-policing programs did for eCommerce and mobile marketing.
4. Let customers request anonymization of their location data
Consumers are already worried about their online data be stored forever in search engines. However, search engines can only crawl data actively posted. Location-data is collected passively; removing the conscious “should I post this” moment. As a result, consumers face a Hobson’s Choice on consumers: do I forgo location services or permanently lose privacy? Providers need to enable customers to request anonymization of all stored location data. This process can be balanced (e.g., linked to continued service use). However, it must exist.
Location-based services are enormously exciting and present an unimagined range of applications for commerce, logistics, medicine and more. A smart Location Data Code of Conduct will enable all of use to exploit this innovation safely, profitably and effectively.
Article first published as It’s Time for a Location Data Code of Conduct: Four Needed Policies on Technorati.
