Bryan Cave Combines with Berwin Leighton Paisner to Form Bryan Cave Leighton Paisner LLP Learn More

Smartphones, websites, and other connected devices (e.g., “wearables”) increasingly request that consumers provide their geo-location information.  Geolocation information can refer to general information about a consumer’s location, such as his or her city, state, or zip code, or it can refer to precise information that pinpoints the consumer’s location to within a few feet, such as his or her GPS coordinates.

Organizations request geo-location information for a variety of reasons.  For example, many apps – such as transportation or delivery services – require geo-location in order to provide services that are requested by the consumer.  Other apps – such as mapping programs, coupon programs, or weather programs – require geo-location information in order to provide consumers with useful information.  Because such information has become intertwined, in many cases, with products and services, some organizations require the user to “Accept” or ‘“Agree”’ to the collection of geo-location information as a condition to using a device, application, or website.  In addition, when a smartphone app requests the geolocation of a user from the operating system of a smartphone device, the major smartphone devices automatically prompt a user to provide opt-in consent before the devices shares the location information.

Although there is currently no federal statute that expressly regulates the use, collection, or sharing of geolocation data, the FTC has taken the position that precise geolocation information is a form of “sensitive” personal information and has suggested that a failure to reasonably secure such information, or a failure to adequately disclose the collection or sharing of such information, may violate the Federal Trade Commission Act’s general prohibition against unfair or deceptive practices.1 In addition, Congress and state legislatures have considered several proposals that would expressly regulate geolocation information.

Every 10 Minutes

The frequency with which some apps, like weather apps, request geolocation information from a mobile device.2

91%

Percentage of adults who “agree” or “strongly agree” that consumers have lost control over how often personal information is collected and used by companies.3

73%

Percentage of times that an app will share geolocation information with an advertising network when asked.4

19

Number of FTC enforcement actions regarding geolocation practices.5

10-20%

How much more marketers pay for online ads that include geolocation information.6

 

What to consider if your organization collects geolocation information:

  1. What is the purpose for which geolocation information is being collected?
  2. Are you collecting the least granular (i.e., most general) location information possible in order to effectively provide a product or a service to the consumer?
  3. How often do you need to collect geolocation information?
  4. Is the user aware that geolocation information is being collected?
  5. Does the user have the ability to disable the collection of geo-location information?
  6. Does the user have the ability to control how long that information is maintained, how it is used, when it is shared, and whether it is associated with their name?
  7. Will the geolocation information be shared with third parties such as advertisers? If yes, how much and how often will you share the information?
  8. Is the geolocation information encrypted in transmission from the consumer and/or at rest within your organization?
  9. If you receive a request from a data subject to provide them with all of the geolocation information that you maintain about them, how will you respond?
  10. If you receive a request from law enforcement to provide you with all the geolocation information that you maintain about a particular data subject, how will you respond?

1. See, Jessica Rich, Prepared Statement of the Federal Trade Commission on S. 2171 The Location Privacy Protection Act of 2014 Before The United States Senate Committee on the Judiciary Subcommittee for Privacy, Technology, and the Law, (June 4, 2014), https://www.ftc.gov/system/files/documents/public_statements/313671/140604locationprivacyact.pdf.

2. Almuhimedi et. al., Your Location has been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging, http://www.normsadeh.com/file_download/179.

3. Mary Madden, Privacy and Cybersecurity: Key findings from Pew Research, Pew Research Center, (January 16, 2015), http://www.pewresearch.org/key-data-points/privacy/.

4. Elizabeth Dwoskin, Where were you 3 Minutes Ago? Your Apps Know, Wall Street Journal (May 23, 2015), http://blogs.wsj.com/digits/2015/03/23/where-were-you-3-minutes-ago-your-apps-know/.

5. IAPP Resource Center, Geolocation (last checked Jan. 2, 2018), https://iapp.org/resources/topics/geolocation/?mkt_tok=eyJpIjoiT0RVNU5ERmpNakl6TWpVMCIsInQiOiJWNStcL2JsVmRweE9WbW13Z1NUVFBBeHBwN.

6. Elizabeth Dwoskin, Where were you 3 Minutes Ago? Your Apps Know, Wall Street Journal (May 23, 2015), http://blogs.wsj.com/digits/2015/03/23/where-were-you-3-minutes-ago-your-apps-know/.