Printer friendly version
Location, location, location
04 April 2011
Precise geographical data that pinpoints your whereabouts at any given time should be legally defined as sensitive data on a par with one's genetic information, according to legal experts in Denmark. The EU is investigating what kind of data should be covered by legislation and the team argues that so-called "geo data" must be included in this assessment.
Writing in the International Journal of Private Law, Pernille Wegener Jessen of the Department of Law, at Aarhus University, suggests that developing a consistent definition of sensitive data at the national and international level remains a challenge in terms of protecting the privacy of users of an increasing number of online and electronic services. General geographic data need not be considered but precise, real-time location data are of concern and the issue of ownership and access to such data must be addressed.
Currently, no consensus exists for the definition of "sensitive data" in data protection and privacy law either in the EU or the USA. However, given the status of both regions as major trading partners it is essential in the digital age that such consensus is formed soon while legislation is in a transitional period. Consistent legislation would not only protect consumers and sellers, but also improve confidence across the whole of e-commerce and mobile computing.
Jessen points out that the definition of "sensitive data" in privacy laws will "shape the content of consumer notices and the nature of requests for consent made by behavioural advertisers before collecting, using or sharing customer data for profiling purposes." If there's an "app" for it, consumers like to know what data is being gathered by the provider, after all. Mobile devices are equipped increasingly with location technology, including Global System for Mobile Communications (GSM), Third Generation Mobile Communication System (3G), General Packet Radio Service (GPRS), and Global Positioning Systems (GPS).
Jessen points out in what particular situation geo-tracking might be most sensitive. "The intrusion and loss of integrity related to the processing of geographic location data are apparent when customers are subject to constant monitoring or when geographic location data are combined with other sensitive or demographic data, such as the location of bars, casinos, red-light districts," she says. She adds that "Personal profiles are established for behavioural advertising purposes on this basis." Even anonymised location data might compromise and individual's privacy, so it too must be subsumed in new privacy legislation.
An assessment of the issues leads to the conclusion that too broad a definition of location privacy would stifle e-commerce and mobile applications to the detriment of users and providers. Conversely, to narrow a definition would not provide adequate protection of personal and sensitive data. Either way legislators grappling with new technologies must consider the consequences for all "stakeholders" when defining what is and what is not sensitive in the drafting of new privacy and data protection laws.