Geolocation towards the user and the company
Source (M2M Global Solutions)
How the data protection law and geolocation work together? How the company can geolocate its users without violating their private life? How the user can block geolocation?
Geolocation is the follow-up of movements of an individual thanks to the positioning of their device (in particular their mobile phone) in time and space. The phone locates us exactly by using a combination of mobile networks such as Wi-Fi, Bluetooth and GPS for example. Data of geolocation is the most collected data. It represents more than 30 % of the events detected by our tools. This data is considered as personal data in France and the European regulation of personal data protection plans to do the same on EU level. The problem concerns the abuses and the drift further to this geolocation. In fact, the initial purpose is to find an address. Finding people nearby is not questionable.
For example, over 3 months, an application reached more than a million times the geolocation, which represents on average near one access per minute. Nevertheless these are not applications for navigation, so this seems disproportionate and constitutes a risk for the geolocated person. This goes without mentioning the question of protection of the private life of the user who becomes tracked by its telephone all the time. This is the Data protection law of 1978 which governs the protection of personal data and private life. For the editors of applications, it implies collection and processing of personal data. This practice could consist in exceeding the justifiable functions by collecting the data of the users for marketing purposes of resale to a third party. The data of geolocation is sometimes used to send an advertising targeted at the mobile phone of the user. This targeted marketing is not forbidden by the law.
Pointers for not being geolocated on your mobile
The manner not to be located: the user’s authorization is a mandatory precondition for company of a mobile application which collects location data. It is represented by a checkbox at the time of downloading the application for example. The user can also deny his/her consent in the future and delete the data of location concerning him/her. On iPhone, the applications can ask for the access to the location with “always, “when the application is underway» or “never”. It depends on your needs linked to the application but it is useless and risky to be systematically geolocated.
On Android, you can also block the geolocation by not locating the device. It is also necessary to be very careful about Google and especially about Gmail, having it on your phone, which draws you via your Google account. It is necessary to go to the option “to deactivate the history of the positions» on the Dashboard of your account.
Editors are obliged to be careful when they create an application with a service of geolocation. Indeed, the operation of the geolocation implies the collection and the personal data processing, submitted to the regulations on the protection of the private life.
Pointers to editors of geolocation application
According to the data protection law of 1978, the editors of geolocation applications are those in charge of treatment. The data processing must be declared to the National Commission for Information Technology and Civil Liberties (CNIL) before the service is put in operation. The CNIL besides strengthening the control in companies proposing services based on this technology, ensures the respect for users’ privacy. Concerning the data processing of geolocation, various principles of personal data protection must be respected. For instance the purpose of data processing must be clear and people must be informed in case their data was forwarded to storekeepers or administrator of cartographic basis.
Points of view of the CNIL and the G29
Also, the CNIL recommends some good practices: allow the user to refuse that an application geolocates in a systematic way; allow the user to select which application can use the geolocation or to choose precisely the people who can reach the information of it. G29 (European workgroup of the article 29 of the directive of 1995 on the data protection) published a notice in May, 2011 including good practices for the editors of mobile applications of geolocation. This group recommends to companies wishing to create a service of geolocation to inform clearly the users about the reasons why they want to use their data and to obtain their consent for each of these reasons. The editor has to offer the possibility to the Internet users to choose the level of geolocation. There’s also the necessity that when the service of location is activated, an icon should be implemented and be visible permanently on every screen, indicating that the services of location are activated. Finally, it is necessary to offer the possibility to the Internet users to deny their consent at any time, without having to leave the application and to be capable of deleting easily and in a definitive way any data of stored location. Geolocation can help you but can spy you, so let’s be vigilant.
Charles-Antoine Jaubert – Etudiant en Master 2 Droit de l’économie numérique à l’Université de Strasbourg. Juriste, passionné par le droit des nouvelles technologies et les questions relatives aux données personnelles, propriété intellectuelle, réseaux sociaux, médias et musique en ligne