Regulatory Watch : Push for Location Data Privacy Continues

The push for privacy protection is gaining momentum in the location-based services arena. Like other telecom segments—such as the wireline Internet and the wireless phone industry—lawmakers want to prevent unauthorized companies and marketers from abusing technology that pinpoints a customer’s location.
Sen. John Edwards, D-N.C., wants to limit those who get to see wireless users’ location information. That information is routinely available to network engineers and others who monitor the call load on cell sites. Other industries, such as car manufacturers, use location data to help travelers find the nearest restaurant—or emergency room—using a dashboard device linked to the GPS system. The marketing possibilities for location services are endless, but the potential for loss of privacy is even greater, lawmakers say.

Traveling Under Watch

Edwards is wary of such services as OnStar, which guides drivers to their destination and helps rental car agencies track their cars. Though such systems can save lives, as in the case of a driver caught in a blizzard on a lonely stretch of North Dakota highway, the information these systems store can be used for more obnoxious reasons. Take the case of the Connecticut car rental company that used location-based technology to determine when its customers were speeding in its automobiles. The rental agency, with the customer’s credit card number at hand, added speeding fines to the rental bill.

But debate for the most part surrounds the havoc advertising agencies and marketing companies might create if they build a database capable of tracking wireless device users. It could become a nightmare for wireless customers who don’t want to be bothered by a phone call or e-mail message from every store announcing a sale.

“If you have a cell phone in your pocket or OnStar in your car, somebody knows where you are at all times,” Edwards said when he introduced the bill in early July. The Location Privacy Protection Act would “protect consumers from marketers who want to use technology to track individuals’ whereabouts and sell the information without their permission.”

Customer Must Give Permission

Edwards’ bill would:
· Require the FCC to issue new regulations prohibiting all providers of location-based services and applications from collecting, using, disclosing or retaining location information without first obtaining the customer’s permission.
· Require location-based service companies to give customers clear and conspicuous notice about what the company is going to do with their location information.
· Give customers the right to ensure the accuracy of the information that is collected and require companies to keep that information safe from unauthorized access.
· Prohibit third parties—with the exception of public safety and other emergency services—from disclosing location information without prior authorization from the customer.

An Edwards spokesperson said the bill wouldn’t come up in committee until fall. Wireless carriers must already abide by privacy regulations under customer proprietary network information rules. No such regulatory protection exists, however, for the nascent location-based services industry, says Ari Schwartz, senior policy analyst for the Center for Democracy & Technology.

Getting Ahead of Technology Boom

“A lot more application providers are going to have this information, and they should be held to the same standard” as wireless carriers, Schwartz says. The center also worries that law enforcement agencies can obtain customer location information more easily than they can obtain permission for wiretaps. Police, for instance, can get a subscriber’s phone records to determine ingoing and outgoing calls, a tactic known as “who called who.” Police consider location information to be on the level of “who called who.” Privacy advocates want to make it more difficult for law enforcement agencies to obtain those records.

This is not the first time Washington has delved into location-based privacy rules. A bill similar to Edwards’ passed the House Judiciary Committee last year, and the Cellular Telecommunications & Internet Association in November sent the FCC proposed rules—very similar to Edwards’—for protecting customer location information. The FCC has yet to act on the proposals, says CTIA spokesperson Travis Larson.

The wireless industry, Larson says, believes limiting access to customer location data will prevent unauthorized marketers and other third-party providers from irritating the wireless public. “We recognize that profits are made when customer phones are turned on,” he says. “If customers’ phones are spammed by e-mail and advertisements, they’re not going to turn their phones on.”

But the CTIA doesn’t like the provision in Edwards’ bill that requires the FCC to finish rulemaking within 180 days of passage.