Players from Across Policy Arena Raise Privacy Nightmares on Downstream Uses of Location Data
SAN FRANCISCO -- The vacuuming up of data from mobile devices raises grave problems far beyond the possession of location information by providers that users can’t help being aware of, said central players from government, business and privacy advocacy. “There’s no perfect solution,” because of the value to companies, consumers and the economy of exploiting the information and the complexity of companies in the system, said Jim Dempsey, the Center for Democracy & Technology’s public policy vice president. “There’s no single solution."
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
The problem is “not just these individual pieces of data” that are collected, “but the inferences that can be drawn, correctly or incorrectly, about your behavior, your lifestyle” from location and other available information, said Brendon Lynch, Microsoft chief privacy officer, at a meeting Wednesday night of the Churchill Club technology-business forum. The “inferences frightening to consumers” are those like the medical system’s judging people from the foods they eat and places they visit and auto insurers knowing how fast applicants drive, he said. The challenge is making the information-handling known and understood to users, Tripp said. Consumers need protection not against Amazon.com’s collection of addresses to fulfill delivery orders, or even targeted ads, but against the use of inferences in employment, insurance and credit decisions, which are especially sensitive, Dempsey said.
Other speakers had different nightmares about location information. FTC lawyer Laura Berger said she’s especially concerned that wireless customers have little or no idea how their information is used by companies beyond the ones they know they're doing business with. “We need to improve the transparency of how consumer information is collected and used,” she said. Berger, from the commission’s Division of Privacy and Identity Protection, said “the big hurdle” is getting users to understand all the players, notably “the behind-the-scenes third parties,” and what they do.
Lynch said his biggest worry is the “user unknowingly broadcasting their location in a public way that has consequences for their safety,” especially with children. Chief Operating Officer Brian Knapp of the Loopt mobile social network said “a real concern of ours has always been an irresponsible company coming into the space and blowing it for everyone."
And “there is nothing that is off-limits to the government” when it wants information that companies have, Dempsey said. “That is legitimate. The government has compelling interests. … The question is what the standards should be” for turning over data “and the checks and balances.” The “rules are a hodge-podge of court decisions and statutes, both of which are out of step with the way the technology is used,” he said. Dempsey put in a pitch for the broad Digital Due Process coalition of companies, industry associations and advocacy groups that he assembled to press for rewriting the 14-year-old federal Electronics Communications Privacy Act.
"The complexity of the platform” in mobile -- involving carriers, device makers, browsers and applications in addition to publishers, advertisers and ad networks -- is “one of the major problems” in location privacy, Dempsey said. There’s a need “for more commonality across the industry and maybe some best practices,” he said. The set-up “cries out” for agreement across businesses about rules for proper behavior, Dempsey said. Knapp said, “There are great things happening at the platform level” to help users of iPhones and Android devices. But Dempsey said exposes by The Wall Street Journal have shown that the measures are often ineffective.
Knapp praised the FTC for emphasizing the value and importance of providing privacy information and choices at “teachable moments” -- in manageable doses as they become relevant in users’ dealings with companies and applications. The privacy framework put out by the FTC staff last month, “while not perfect, has some important points,” he said. The commission likes “to legislate a little with their guidelines and FAQs, but we let them get away with that,” Knapp said.
Broadband providers also have opportunities to provide education at the time of provisioning, Lynch said. Speakers criticized conventional privacy policies as not useful for most users, but Lynch emphasized the importance of meeting the needs of active consumers, who demand detailed information and want a good deal of choice. Privacy policies must be supplemented, not junked, he said.