Since the use of location data on mobile phones and other portable electronic devices is a relatively new development in technology, no laws yet exist to address the issues associated with location privacy. Nonetheless, location privacy can be viewed from a legal standpoint as an extension of physical privacy and a subset of online or information privacy.
The earliest hint at a right to privacy comes from the Fourth Amendment to the U.S. Constitution. Although the word “privacy” is never mentioned in the text, the amendment states that
“the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
This guarantee is, of course, directed at privacy in the physical realm at a time when the Internet did not exist, but has since been interpreted to include the virtual realm.
Because privacy is a broad term that can encompass many things, the courts have traditionally determined whether a case is considered an invasion of privacy based on expectation and the presence of third parties. It boils down to a question of whether a person can reasonably expect that no one else will find out about their private information without intent. For example, someone walking down a public street talking on a cell phone cannot assume that his or her whereabouts are unknown, since there are plenty of people that could see them on the street, but he or she can expect the contents of the phone conversation to be private. This traditional interpretation of privacy, however, poses some problems when it comes to location privacy. With the ability of mobile devices to pinpoint almost exactly one’s geographic location, it is possible to know someone’s location without being within the range of eyesight and, as a result, is quite unexpected.
Several federal laws have been passed to address specific issues of privacy concerning
health (Health Insurance Portability and Accountability Act), finance (Right to Financial Privacy Act), education (Family Educational Rights and Privacy Act), and children (Children’s Online Privacy Protection Act), but not yet online privacy in general.
The infringement of privacy by the government has also been regulated through the
- Privacy Act: protects the privacy of records collected and maintained by the federal government, allows individuals access to these records but limits disclosures to third parties
- Wireless Communications and Public Safety Act: limits the use of the E911 location tracking on cellphones to emergencies only, unless by explicit authorization
- Electronic Communications Privacy Act and Amendments: requires a warrant for a police officer to request data records on a consumer from a communications provider.
Since 2001, several bills concerned with commercial information privacy have been proposed, including the
- Location Privacy Protection Act – proposed July 11, 2001 to the Senate, died in committee
- Best Practices Act – introduced to the House of Representatives on February 10, 2011, still under consideration
- Do Not Track Me Online Act – introduced to the House of Representatives on February 11, 2011, still under consideration
- Commercial Privacy Bill of Rights Act – introduced to the Senate by Senators John Kerry and John McCain on April 12, 2011, still under consideration
- Consumer Privacy Protection Act – proposed April 13, 2011 to the House of Representatives, still under consideration
- Do-Not-Track Online Act – introduced to the Senate by Senator John Rockefeller on May 9, 2011, still under consideration
- Geolocational Privacy and Surveillance Act – preparing to be introduced to the Senate by Senator Ron Wyden
All of these bills address and promote some form of
- Transparency: informing the user of what information will be collected, what the information will be used for, how long the information will be kept, and whether the user will be able to access, modify, or request the removal of the information later
- Consumer Consent: allowing the user to choose whether or not to share that information
- Use Limitation: using consumer information only for the purposes specified and not sharing the data with third parties unless with explicit consent
- Data Minimization: only collecting the information necessary for a product to perform its task
- Data Integrity and Quality: ensuring that the data collected is accurate and correctly reflects the person from whom it is collected
- Security: taking extra precautions to make sure that the data is not accessible or personally identifiable except to those with authorization and that the data is destroyed properly when no longer necessary
- Accountability: placing the responsibility of maintaining these standards of information collection on one or a few people
None of these bills so far, however, have succeeded in being passed.
In the past, regulation for information privacy, including location privacy, has been avoided for fear of stifling innovation and the growth of the online industry, but it has become clear that some guidelines are necessary in order to maintain consumer trust and to avoid expensive and wasteful litigation. Since commercial entities, government, and the public all have personal interest in the privacy issue, it is important that the resolution be a joint effort by all parties.
For sources, see our References page.