Today’s rapid proliferation of location data needs to be seen in the light of contextual integrity and the legal concept of purpose binding. These are side constraints on the free flow of information, entailing a balancing act between the liberties of citizens and the free flow of information.
The challenge is not only that our Big Data Space and the Onlife World turn contexts into moving targets. More importantly, the context of economic markets tends to colonize the framing of other contexts, thus also disrupting the protection offered by purpose binding.
To safeguard informational privacy we need to engage in new types of boundary work between, for example, health, politics, religion and work on the one hand, and economic markets on the other. This should eventually enable us to sustain legitimate expectations of what location messages are appropriate as well as lawful in a particular context.
Professor Mireille Hildebrandt suggests the following new definition:
“Informational location privacy is the freedom from ‘raw’, networked and/or ‘processed’ location data of the referent, the sender, the addressee or the receiver of a message being shared with others without consent or necessity, and the freedom from such location data being shared for purposes incompatible with the explicitly specified and legitimate purpose for which it was first collected.”
If we take the example of apps on smartphones as a new socio-technical practice, we can describe a series of (new) information flows. These concern location data (temporarily) stored on the device that are sent from the device to app developers, app owners, app stores, operating systems and device manufacturers, plus third parties such as providers of analytics and advertising networks. It should be clear that we are dealing with observed data, because most users do not intend to send their location data to any of these parties, though they may have provided formal consent in order to get the service they want from the app. This also means that we are talking about messages that are sent from a device to another computing system, enabled by so-called Application Programming Interfaces (APIs) that ‘offer access to the multitude of sensors which may be present on smart devices’, e.g. ‘a gyroscope, digital compass and accelerometer to provide speed and direction of movement; front and rear cameras to acquire video and photographs; and a microphone to record audio. (…) proximity sensors. Smart devices may also connect through a multitude of network interfaces including Wifi, Bluetooth, NFC or Ethernet. Finally, an accurate location can be determined through geolocation services.’ Clearly, the different types and the amount of data that are sent indicate that location data can easily be networked with other data (the unique identifiers of the device, content data from the address book, stored pictures, credit card and payment data, phone call logs, browsing history and more) and further processed to enable, for instance, targeted advertising or simply the sale of such ‘processed’ location data to large data brokers (who may share them with online social networking sites).
The relevant information flows are not limited to those between device and app service provider, but will be followed by a number of secondary, tertiary and further flows that are increasingly invisible and unforeseeable.
Mireille Hildebrandt is Professor of Smart Environments, Data Protection and the Rule of Law at Radboud University Nijmegen.