Opinion On Locational Privacy from EU Committee


Another European Union privacy group has published a document with recommendations about location privacy the problem is that it will inform those who are influential in the EU but not really understanding the wider implications and unintended consequences. The paper is published by "Article 29 Data Protection Working Party", which is part of the justice division of the EU, and is formed by a representative in charge of data protection (privacy) in each EU member state. When the Article 29 group puts out an opinion, its recommendations can be followed by either individual EU states or the EU itself and they did set limits on how long search engines should be retaining their search data. 

The recommendations aren’t law but they do appear to go far above and beyond what's been discussed so far in the U.S. just as Google,  Apple, Sony and Nintendo are being interrogated about their policies when it comes to user data its use and ownership.

The key recommendations are:

  • Location information is sensitive data and service providers that use the data should obtain “prior informed consent.”
  • The consent should be specific; it can’t be obtained through “general terms and conditions.” Does the service aspire to help a smartphone user determine the answer to the question: “Where am I right now?” Or is the purpose to determine “Where are you, where have you been, and where will you be next week?” Either way, the user should give specific consent for the service she is using. If the purpose of the data use changes, consent must be obtained again.
  • Users should be “continuously warned” when their location data is being used, in order to prevent “secret monitoring.”  Consenting to a one-off service doesn’t mean a user has consented to a “regular subscription.”
  • Consent should be renewed after an appropriate period of time. “For instance, it would not be in order to continue to process location data where an individual had not actively used the service within the previous 12 months,” states the opinion.
  • Users must be able to withdraw their data, “without any negative consequences for the use of their device.” They should also be able to “access, rectify and erase possible profiles based on these location data.”
  • Obtaining consent is “problematic” with regard to employees and to children. Employers must be limited in any use of smartphones to track employees. “The employer must always seek the least intrusive means, [and] avoid continuous monitoring.” Employers should investigate whether it is “demonstrably necessary to supervise the exact locations of an employee.” In any case, employees must be able to turn off monitoring devices outside work hours and should be shown how to do so, the report states. 

There is always a balance between usability and security and there is always a trade off between free and paid and we must protect the naive from the dangerous. But why is it fair to put higher barriers for one type of trade?