Tag Archives: smartphones

It’s time for a Location Data Code of Conduct: Four Needed Policies

Article first published as It’s Time for a Location Data Code of Conduct: Four Needed Policies on Technorati.

Later this month the European Union’s “Article 29 Working Party” is likely to issue new rules requiring mobile and smartphone providers to treat location-based data as Personally Identifiable Information (PII). Last week, Apple, Google and others testified on the Hill regarding their use—or misuse—of consumer’s location data from smartphones.

minority-report-monitoring_280px-sqWhat is driving the speed and intensity of this regulatory response? A simple fact: location-based data links mineable information context about what you are doing, when and where, in a manner that is explicitly tied to your identity. This is a watershed threat to privacy we have not seen since the commercialization of the Internet (when we had to pay for Internet access).

Providers of smartphones and mobile applications need to realize and proactively manage this. If not, life could quickly become much harder for them. This would not just be bad for providers; if would curtail innovation enjoyed by consumers.

Now is the time for industry to get out in front and establish a Code of Conduct guiding use of location-based data (just as the Mobile Marketing Association did years ago for text messaging). Not only could this head off costly regulation; it could also set the standard for a trusted consumer experience, significantly expanding the location-based service market.

An effective Location-based Data Code of Conduct should include the following policies:

1. Enable users to turn location services on or off easily and transparently

Location-based tracking and promotion is great when people are gift shopping. However, sometimes it is simply an invasion of privacy. This applies equally to the enterprise, as companies don’t want their mission-critical staff to turn off corporate mobile phones to protect their private lives when they are out of the office. Smartphone and mobile app providers need to enable people to turn location-based services on or off. Those who make this easy and transparent will establish market leadership.

2 Manage location-based data with the same fidelity as billing data

Yes, mobile phones have tracked where you were (and when) for years. However, smartphones now combine this with data about what exactly you are doing—in a format that can be mined for targeted marketing, legal discovery, and more. Providers need to treat these data as sensitively as they do with billing data: asking for consent before collection or sharing, encrypting it, guarding it behind firewalls, and anonymizing it for marketing analysis. Those who fail to do this will lose customers and face lawsuits or worse.

3. Require mobile app providers to adhere to the code of conduct

Right now people are “up in arms” because a few very visible, publicly traded companies are keeping their location-based data. Imagine what this will become when hundreds of “fly by night” companies exploit location data for identity theft, targeted burglaries and more? Industry needs to create an App Store-agnostic, straightforward certification program for location-based app providers. This will create the same trust needed for location services growth that similar self-policing programs did for eCommerce and mobile marketing.

4. Let customers request anonymization of their location data

Consumers are already worried about their online data be stored forever in search engines. However, search engines can only crawl data actively posted. Location-data is collected passively; removing the conscious “should I post this” moment. As a result, consumers face a Hobson’s Choice on consumers: do I forgo location services or permanently lose privacy? Providers need to enable customers to request anonymization of all stored location data. This process can be balanced (e.g., linked to continued service use). However, it must exist.

Location-based services are enormously exciting and present an unimagined range of applications for commerce, logistics, medicine and more. A smart Location Data Code of Conduct will enable all of use to exploit this innovation safely, profitably and effectively.

Article first published as It’s Time for a Location Data Code of Conduct: Four Needed Policies on Technorati.

The simple feature needed to take location-based services mainstream

Location-based services offer amazing future possibilities. Restaurants can offer just-in-time discounts to people nearby fill empty tables. Similarly, People can pick a restaurant where their friends are currently enjoying “Happy Hour”. Stores can offer targeted coupons to browsing customers based on their buying habits. Meanwhile, I can find a nearby store that has that hot Christmas gift in stock while I am shopping.

The success of companies like FourSquare demonstrates the potential of these possibilities. However, right now early adopters are the primary users of location-based services. Many mainstream consumers refuse to use them. Why? Because they do not trust location-based services (yet).

Why many still fear location-based services

What is the cause of this mistrust? Fear of losing control of offline privacy. Most of us now accept that information they post to the Internet could likely be publicly available (how much Generation Y cares about this vs. the Baby Boomer generation is an entirely different debate). However, very few want their offline activities (which stores they visit, where they are driving, etc.) to be readily available as well. minority-report-monitoring_280px-sqThis is an understandable fear as this information could be exploited for a variety of very bad purposes: from thieves breaking into your house while you are away to the scary advertising future depicted in the movie Minority Report.

This fear and mistrust will only increase as many new players enter the location-based services market. Some will only use your location services when you explicitly approve this; others will “store your approval” using your information without explicit notice (you can see this already in many location-based apps). Some will carefully protect it; others will have data breaches that disclose months of data on what you were doing, when, and where. Some will even sell your data to third parties (perhaps not initially, but when new sources of revenue are needed, after “notifying you of changes to their Terms of Service”). The consequences of these disclosures on privacy are enormous.

A simple way to address these fears

There are many ways to address these fears: industry (or legal) standards for use of location information, creation of registry of trusted location-based applications, etc. However, these means of protection are complicated (wherever there is complexity, there are many sources for unexpected outcomes). They also require consumers to trust location-based service providers to do the right thing, without error.

smartphone_switch_180pxHowever, there is a simple way to give back consumers assured control over when their smartphones are sharing location information with apps: the physical on/off switch. Give people an easy way, with the flick of a switch, to turn off sharing of location data with any applications. Let them check whether they are sharing or not with a simple, binary glance. Don’t make people navigate through multiple menus. Make it as simple as a light switch.

There is a well-known precedent for this: the silent/vibrate button. When mobile phone came out, people needed to make them silent when they went into meetings, movies and restaurants. Those mobile phones that made this simple were loved; those who didn’t were not. The love of the physical toggle switch reared its head again a few months ago when Apple removed the ability to lock iPad rotation with it’s physical switch (they restored the feature after much uproar in the next point-release).

This is NOT a placebo

I know, many of you are saying this is a simple placebo. Mobile phones already broadcast your location to your telecomm provider. However, the sharing and management of this location information is different than that used by location-based service application. It is not broadcast over the Internet (“Jim just check-in to…”); it is only attainable via search warrant or similar legal procedure. In addition, it is approximate (Verizon knows my location, plus or minus X meters; I do not positively confirm which store I am in); location-based app data is tagged with metadata that makes it much more exploitable.

Instead it will let location-based services “Cross the Chasm

Putting a location services on/off toggle switch into the next major release of smartphones will make it far less scary for mainstream consumers to adopt location-based service. Having this physically in smartphones will create infrastructure from which application developers and consumers will all benefit. The first mobile provider who does this will definitely gain an advantage, especially if it does so in partnership with an App Store-delivered application provider. Will it happen first on Android (due to its openness) or it will happen first on iOS (as part of Apple’s holistic user experience)? Or will Nokia’s sufficiently influence Microsoft to provide this (Finland is known for its strong privacy protection)?