GAO-12-93, September 11, 2012
What GAO Found
Using several methods of varying precision, mobile industry companies collect location data and use or share that data to provide users with location-based services, offer improved services, and increase revenue through targeted advertising. Location-based services provide consumers access to applications such as real-time navigation aids, access to free or reduced-cost mobile applications, and faster response from emergency services, among other potential benefits. However, the collection and sharing of location data also pose privacy risks. Specifically, privacy advocates said that consumers: (1) are generally unaware of how their location data are shared with and used by third parties; (2) could be subject to increased surveillance when location data are shared with law enforcement; and (3) could be at higher risk of identity theft or threats to personal safety when companies retain location data for long periods or share data with third parties that do not adequately protect them.
We would like to invite you to read Geodata Policy’s first guest blog posting by Robert Gellman. This article is timely given the update of the Electronic Communications Privacy Act (ECPA) and the recent Federal Trade Commission (FTC) report, Protecting Consumer Privacy in an Era of Rapid Change, which highlights the sensitivety of “precise geolocation data” (p. 61). Robert Gellman is a privacy and information policy consultant in Washington, DC: http://www.bobgellman.com/.
Is Privacy in Public a Contradiction in Terms?
Robert Gellman, Privacy and Information Policy Consultant
February 21, 2011
Is there such a thing as privacy in a public space? When you walk down the street, anyone can observe you, make notes about your location, appearance, and companions, and even take your picture. If so, then it would seem that you have no reasonable expectation of privacy.
However, most people would be unhappy if they found themselves followed all day. For most of human existence, this type of surveillance was impractical because of the great expense of following someone around.
This is a good place to pause and say that this is a short essay and not a law journal article. The law of surveillance is complex, and the answers can be different if the person doing the surveillance is a government agent, an employer, or an average person, or if you’re taking pictures or recording conversations.
Is privacy in public a case of the irresistible force meeting the immoveable object? Should your location privacy deserve some protection even when you are in public?
These questions are much harder to answer today because of technology. It’s cheap to track people in public today. There’s no need to pay a private detective. Technology does it. First on the list are cell phones. Your cell phone broadcasts your location constantly to a cell phone tower, and your provider knows where you are. Cameras are everywhere, taking pictures in malls, parking lots, building corridors, on the street, at red lights, and on the highway. Facial recognition software is getting better all the time. Photos placed on the Internet can be scanned to identify individuals as well as the date and GPS coordinates where the photos were taken. Digital signage in stores and elsewhere can record behavior, approximate age, gender, and ethnicity, and can sometimes identify individuals using a variety of devices. I recommend a pioneering report on digital signage by my colleague Pam Dixon. It’s at the World Privacy Forum website.
Even though not all the technological and organizational links are yet in place, it’s not hard to envision the possibility that, in the near future, every action you take outside your home may be observed and recorded by someone. This is more or less what happens today online, where there is a good chance that some website or advertiser (and probably many more than one) records every site you visit, every page and ad you see, and every click you make.
California high court: Retailers can’t request cardholders’ ZIP code
By Greg Botelho, CNN, February 10, 2011 9:43 p.m. EST
(CNN) — California’s high court ruled Thursday that retailers don’t have the right to ask customers for their ZIP code while completing credit card transactions, saying that doing so violates a cardholders’ right to protect his or her personal information. Many retailers in California and nationwide now ask people to give their ZIP code, punching in that information and recording it. Yet California Supreme Court’s seven justices unanimously determined that this practice goes too far. …
For full text of the story, visit California high court: Retailers can’t request cardholders’ ZIP code – CNN.com.
- California high court: Retailers can’t request cardholders’ ZIP code (cnn.com)
- My Zip Code is My Business, Not Yours, California (alligatorfarm.wordpress.com)
- Calif. Supreme Court to Retailers: Stop With the ZIP Code Questions (blogs.wsj.com)
- ZIP Code Questions At The Register: Court Rules On Side Of Consumer Privacy (huffingtonpost.com)
- California court rules against Williams-Sonoma (reuters.com)
Recommendations for a Comprehensive Privacy Protection Framework | Center for Democracy & Technology
Recommendations for a Comprehensive Privacy Protection Framework
A Briefing On Public Policy Issues Affecting Civil Liberties from The Center For Democracy and Technology, February 4, 2011.
1) Baseline Privacy Legislation Needed
2) Safe Harbor Coregulatory Approach to Consumer Privacy Legislation
3) Rulemaking Authority for the Federal Trade Commission
4) Contours for Baseline Privacy Legislation
5) Innovation Needed for “Do Not Track,” But Not Complete Solution
The Commerce Department‘s Internet Policy Taskforce released a “Green Paper” outlining a proposal for a new privacy framework and asked the public to comment on the substance of the paper. CDT believes the paper is an important first toward establishing a long overdue comprehensive privacy protection framework in the United States. This Policy Post outlines the recommendations CDT submitted in response to the paper.
This Policy Post is online: http://cdt.org/policy/recommendations-comprehensive-privacy-protection-framework
Full text of the article via Recommendations for a Comprehensive Privacy Protection Framework | Center for Democracy & Technology.
- Will U.S. Government Crack the Whip on Online Privacy? (pbs.org)
- Is A “Privacy Bill of Rights” and New Federal Office the Answer to Our Online Privacy Woes? (socialtimes.com)
- Time to double team on Net privacy (politico.com)
- Christopher Wolf: Privacy Peace Talks (huffingtonpost.com)
- Groups, Firms Weigh In On Privacy Report (techdailydose.nationaljournal.com)
- Privacy Groups Critical Of Commerce Privacy Report (techdailydose.nationaljournal.com)
Consumer Privacy, Energy Use Data, and Trust
Posted January 31, 2011 by Christine Hertzog
Consumer privacy concerns are an important focus of many Smart Grid conversations. Everyone agrees that consumers need to be educated about the entirely new types of energy use data that can be created with Smart Grid technologies. While we must ensure that consumers are aware of their rights and responsibilities regarding energy use data, there is less conversation ongoing about educating utilities and vendors to deploy programs to ensure data privacy, and there are no conversations ongoing about who owns the value of that energy use data. …
For full text of the article via Consumer Privacy, Energy Use Data, and Trust | The Energy Collective.
- Utilities work to prevent privacy backlash over smart grid (theglobeandmail.com)
- Privacy Professor on Smart Grid Privacy Standards (geodatapolicy.wordpress.com)
- Joint Comments on Proposed Smart Grid Privacy Policies and Procedures (geodatapolicy.wordpress.com)
- Why Smart People Are Suspicious of Smart Meters (blogs.forbes.com)