Location based services: “keeping track” of the regulatory developments  20 June  2011 Prof.dr. Kees Stuurman Tilburg Inst...
Contents <ul><li>Location based data and technologies  </li></ul><ul><li>The current EU regulatory framework, LBS and pers...
Location based data <ul><li>‘ Location based services ‘(LBS): threat or menace? </li></ul><ul><li>Navigation systems, vehi...
Data and technologies? <ul><li>LBS is based on different technologies </li></ul><ul><li>GPS, RFID, WiFi, GSM, UMTS, sensor...
Current EU regulatory framework <ul><li>LBS and data protection </li></ul><ul><li>European Union:  </li></ul><ul><ul><li>D...
Personal data <ul><li>Location data=“personal data”? </li></ul><ul><li>EC Directive 95/46 (Art. 2):  “Personal data shall ...
Art. 29 Working Group (1) <ul><li>Scope of the Opinion: </li></ul><ul><ul><li>Focus on three main infrastructures: GPS, GS...
Art. 29 Working Group (2) <ul><li>Privacy risks: </li></ul><ul><ul><li>“ A smart mobile device is very intimately linked t...
Art. 29 Working Group (3) <ul><li>Even when location data are being made available intentionally very significant risks mi...
Art. 29 Working Group (4) <ul><li>Legitimate grounds for processing of location data: </li></ul><ul><ul><li>Smart mobile d...
Art. 29 Working Group (5) <ul><li>Other aspects: </li></ul><ul><ul><li>Adequate information with regard to key elements (p...
The European regulatory framework <ul><li>Directives 95/46/EC, 2002/58/EC and  2009/136/EC  </li></ul><ul><li>“ a complex ...
US Developments <ul><li>The United States: </li></ul><ul><ul><li>Recent Congressional hearings. Issues include whether App...
Future outlook <ul><li>Current location based services primarily based on  tracking  of mobile devices </li></ul><ul><li>F...
Possible solutions <ul><li>LBS creates a number of legal challenges </li></ul><ul><li>“ Geo slavery” ahead?  </li></ul><ul...
Final Remarks <ul><li>Solutions? </li></ul><ul><ul><li>Technological,  e.g.: “privacy by design”, separating data layers (...
Location based services: “keeping track” of the regulatory developments  20 June  2011 Prof.dr. Kees Stuurman Tilburg Inst...
Upcoming SlideShare
Loading in …5
×

Kees stuurman

757 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
757
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Kees stuurman

  1. 1. Location based services: “keeping track” of the regulatory developments 20 June 2011 Prof.dr. Kees Stuurman Tilburg Institute for Law, Technology and Society (TILT) / Van Doorne attorneys Amsterdam [email_address]
  2. 2. Contents <ul><li>Location based data and technologies </li></ul><ul><li>The current EU regulatory framework, LBS and personal data; the Opinion of the Article 29 Working Group </li></ul><ul><li>Some US developments </li></ul><ul><li>Future outlook, challenges and possible results </li></ul><ul><li>Final remarks </li></ul>
  3. 3. Location based data <ul><li>‘ Location based services ‘(LBS): threat or menace? </li></ul><ul><li>Navigation systems, vehicle tracking, parcel tracking, coupons/advertising, ‘buddy finder’(…) </li></ul><ul><li>‘ Geoslavery’(Dobson/Fisher, 2003): “Society must contemplate a new form of slavery, characterized by location control” </li></ul><ul><li>Development of LBS requires a level playing field for the industry as well as an adequate protection of its users </li></ul><ul><li>How are we doing so far? Focus: data protection </li></ul>
  4. 4. Data and technologies? <ul><li>LBS is based on different technologies </li></ul><ul><li>GPS, RFID, WiFi, GSM, UMTS, sensor based systems, (….) </li></ul><ul><li>Various data streams: </li></ul><ul><ul><li>mobile/static device  sensor </li></ul></ul><ul><ul><li>sensors  back end systems </li></ul></ul><ul><ul><li>back end systems  applications </li></ul></ul><ul><ul><li>(…) </li></ul></ul>
  5. 5.
  6. 6.
  7. 7. Current EU regulatory framework <ul><li>LBS and data protection </li></ul><ul><li>European Union: </li></ul><ul><ul><li>Directive 95/46/EC (the Data Protection Directive) </li></ul></ul><ul><ul><li>Directive 2002/58/EC (the E-Privacy Directive) </li></ul></ul><ul><ul><li>Directive 2009/136/EC (‘the EU Cookie Directive”) </li></ul></ul><ul><ul><li>Various opinions of the Article 29 Data Protection Working Party, in particular: “Opinion13-2011 on Geolocation services on smart mobile devices “(16 May 2011) </li></ul></ul>
  8. 8. Personal data <ul><li>Location data=“personal data”? </li></ul><ul><li>EC Directive 95/46 (Art. 2): “Personal data shall mean any information relating to an identified or identifiable natural person (“data subject”)” </li></ul><ul><li>Can location data from smart mobile devices considered to be ‘personal data’? </li></ul><ul><li>Article 29 Data Protection Working Party. Opinion 13/2011 on Geolocation services on smart mobile phones (16 May 2011) </li></ul>
  9. 9. Art. 29 Working Group (1) <ul><li>Scope of the Opinion: </li></ul><ul><ul><li>Focus on three main infrastructures: GPS, GSM base stations and WiFi </li></ul></ul><ul><ul><li>Not: </li></ul></ul><ul><ul><ul><li>toll systems for cars, satellite navigation systems, geolocations of IP addresses ; </li></ul></ul></ul><ul><ul><ul><li>social networks </li></ul></ul></ul><ul><ul><ul><li>geolocation services based on technologies for interconnecting in small areas, (e.g. RFID, Bluetooth) </li></ul></ul></ul><ul><ul><li>Findings may however be equally relevant </li></ul></ul>
  10. 10. Art. 29 Working Group (2) <ul><li>Privacy risks: </li></ul><ul><ul><li>“ A smart mobile device is very intimately linked to a specific individual” (identifiable link) </li></ul></ul><ul><ul><li>This allows for gaining an intimate overview of the habits of the owner and building extensive profiles </li></ul></ul><ul><ul><li>The data collected could include ‘sensitive’ data (health, religion, political views, sex life, ...) </li></ul></ul><ul><ul><li>The technology allows for constant monitoring of location data </li></ul></ul>
  11. 11. Art. 29 Working Group (3) <ul><li>Even when location data are being made available intentionally very significant risks might arise (burglary, physical aggression, stalking, ...) </li></ul><ul><li>Main findings of the art. 29 Working Group: </li></ul><ul><li>“ Location data from smart mobile devices are ‘’personal data” </li></ul><ul><li>But also: the combination of a MAC address of a WiFi access point with its calculated location should be treated as ‘personal data’ </li></ul>
  12. 12. Art. 29 Working Group (4) <ul><li>Legitimate grounds for processing of location data: </li></ul><ul><ul><li>Smart mobile devices: prior consent (freely given, specific, informed data subject) </li></ul></ul><ul><ul><li>Mandatory acceptance of T&C’s or opt-out is inadequate </li></ul></ul><ul><ul><li>The device should continuously warn that geolocation is ‘on’ </li></ul></ul>
  13. 13. Art. 29 Working Group (5) <ul><li>Other aspects: </li></ul><ul><ul><li>Adequate information with regard to key elements (purpose, rights, identity of the data controller, ...) art 10 Data Protection Directive) </li></ul></ul><ul><ul><li>Data subject rights (access, update, rectify, erase) </li></ul></ul><ul><ul><li>Retention period (no longer than necessary for the purposes of collection and further processing) </li></ul></ul>
  14. 14. The European regulatory framework <ul><li>Directives 95/46/EC, 2002/58/EC and 2009/136/EC </li></ul><ul><li>“ a complex patchwork of legal rules applies to the provision of LBS” (Koops/Cuijpers, 2008) </li></ul><ul><li>Distinctions to be include: </li></ul><ul><ul><li>“ personal data” (Privacy Directive) </li></ul></ul><ul><ul><li>“ traffic data” (E-Privacy Directive) </li></ul></ul><ul><ul><li>“ location data” (E-Privacy Directive) </li></ul></ul><ul><li>Seven types of data can be distinguished (….) </li></ul><ul><li>Regulatory framework should be further developed </li></ul>
  15. 15. US Developments <ul><li>The United States: </li></ul><ul><ul><li>Recent Congressional hearings. Issues include whether Apple’s and Google’s applications running on their mobile platforms are compliant with the Children's Online Privacy Protection Act (COPPA) </li></ul></ul><ul><ul><li>Current situation is a patchwork of state regulation and industry self-regulation </li></ul></ul><ul><ul><li>Upcoming FCC/FTC educational forum on June 28, 2011 to help consumers understand the privacy implications of location-based services. </li></ul></ul><ul><ul><li>Impact of the proposed new federal privacy law </li></ul></ul>
  16. 16. Future outlook <ul><li>Current location based services primarily based on tracking of mobile devices </li></ul><ul><li>Future developments: </li></ul><ul><ul><li>ambient intelligence/”internet of things” </li></ul></ul><ul><ul><li>the use of any networked device could generate location data </li></ul></ul><ul><li>Reversed paradigm: which data will not qualify as ‘personal data’? </li></ul>
  17. 17. Possible solutions <ul><li>LBS creates a number of legal challenges </li></ul><ul><li>“ Geo slavery” ahead? </li></ul><ul><li>Location data much more ‘’sensitive” than perceived by some of the stakeholders </li></ul><ul><li>LBS: balance between benefits and (privacy)threats? </li></ul><ul><li>No “quick fix” for the current legal challenges </li></ul>
  18. 18. Final Remarks <ul><li>Solutions? </li></ul><ul><ul><li>Technological, e.g.: “privacy by design”, separating data layers (with each a different regime) </li></ul></ul><ul><ul><li>Regulatory (incl. self regulation) </li></ul></ul><ul><ul><li>Awareness/education </li></ul></ul><ul><li>Most urgent: public debate with the industry, consumers and all other stakeholders (e.g. FCC/FTC Forum ) </li></ul><ul><li>Looking for new standards for LBS </li></ul>
  19. 19. Location based services: “keeping track” of the regulatory developments 20 June 2011 Prof.dr. Kees Stuurman Tilburg Institute for Law, Technology and Society (TILT) / Van Doorne attorneys Amsterdam [email_address]

×