kees stuurman
DESCRIPTION
TRANSCRIPT
![Page 1: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/1.jpg)
Location based services: “keeping track” of the regulatory developments
20 June 2011
Prof.dr. Kees StuurmanTilburg Institute for Law, Technology and Society
(TILT) / Van Doorne attorneys Amsterdam
c.stuurman@uvt
![Page 2: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/2.jpg)
2
Contents
• Location based data and technologies
• The current EU regulatory framework, LBS and personal data; the Opinion of the Article 29 Working Group
• Some US developments
• Future outlook, challenges and possible results
• Final remarks
![Page 3: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/3.jpg)
3
Location based data
• ‘Location based services ‘(LBS): threat or menace?
• Navigation systems, vehicle tracking, parcel tracking, coupons/advertising, ‘buddy finder’(…)
• ‘Geoslavery’(Dobson/Fisher, 2003):“Society must contemplate a new form of slavery, characterized by location control”
• Development of LBS requires a level playing field for the industry as well as an adequate protection of its users
• How are we doing so far? Focus: data protection
![Page 4: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/4.jpg)
4
Data and technologies?
• LBS is based on different technologies
• GPS, RFID, WiFi, GSM, UMTS, sensor based systems, (….)
• Various data streams:– mobile/static device sensor– sensors back end systems– back end systems applications– (…)
![Page 5: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/5.jpg)
5
![Page 6: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/6.jpg)
6
![Page 7: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/7.jpg)
7
Current EU regulatory framework
• LBS and data protection
• European Union:
– Directive 95/46/EC (the Data Protection Directive)
– Directive 2002/58/EC (the E-Privacy Directive)
– Directive 2009/136/EC (‘the EU Cookie Directive”)
– Various opinions of the Article 29 Data Protection Working Party, in particular: “Opinion13-2011 on Geolocation services on smart mobile devices “(16 May 2011)
![Page 8: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/8.jpg)
8
Personal data
• Location data=“personal data”?
• EC Directive 95/46 (Art. 2):
“Personal data shall mean any information relating to an identified or identifiable natural person (“data subject”)”
• Can location data from smart mobile devices considered to be ‘personal data’?
• Article 29 Data Protection Working Party. Opinion 13/2011 on Geolocation services on smart mobile phones (16 May 2011)
![Page 9: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/9.jpg)
9
Art. 29 Working Group (1)
• Scope of the Opinion:
– Focus on three main infrastructures: GPS, GSM base stations and WiFi
– Not: • toll systems for cars, satellite navigation systems,
geolocations of IP addresses ;• social networks• geolocation services based on technologies for
interconnecting in small areas, (e.g. RFID, Bluetooth)
– Findings may however be equally relevant
![Page 10: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/10.jpg)
10
Art. 29 Working Group (2)
• Privacy risks:– “A smart mobile device is very intimately linked to
a specific individual” (identifiable link)
– This allows for gaining an intimate overview of the habits of the owner and building extensive profiles
– The data collected could include ‘sensitive’ data (health, religion, political views, sex life, ...)
– The technology allows for constant monitoring of location data
![Page 11: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/11.jpg)
11
Art. 29 Working Group (3)
• Even when location data are being made available intentionally very significant risks might arise (burglary, physical aggression, stalking, ...)
• Main findings of the art. 29 Working Group:
“Location data from smart mobile devices are ‘’personal data”
• But also: the combination of a MAC address of a WiFi access point with its calculated location should be treated as ‘personal data’
![Page 12: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/12.jpg)
12
Art. 29 Working Group (4)
• Legitimate grounds for processing of location data:
– Smart mobile devices: prior consent (freely given, specific, informed data subject)
– Mandatory acceptance of T&C’s or opt-out is inadequate
– The device should continuously warn that geolocation is ‘on’
![Page 13: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/13.jpg)
13
Art. 29 Working Group (5)
• Other aspects:
– Adequate information with regard to key elements (purpose, rights, identity of the data controller, ...) art 10 Data Protection Directive)
– Data subject rights (access, update, rectify, erase)
– Retention period (no longer than necessary for the purposes of collection and further processing)
![Page 14: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/14.jpg)
14
The European regulatory framework
• Directives 95/46/EC, 2002/58/EC and 2009/136/EC
• “a complex patchwork of legal rules applies to the provision of LBS” (Koops/Cuijpers, 2008)
• Distinctions to be include:– “personal data” (Privacy Directive)– “traffic data” (E-Privacy Directive)– “location data” (E-Privacy Directive)
• Seven types of data can be distinguished (….)
• Regulatory framework should be further developed
![Page 15: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/15.jpg)
15
US Developments
• The United States:
– Recent Congressional hearings. Issues include whether Apple’s and Google’s applications running on their mobile platforms are compliant with the Children's Online Privacy Protection Act (COPPA)
– Current situation is a patchwork of state regulation and industry self-regulation
– Upcoming FCC/FTC educational forum on June 28, 2011 to help consumers understand the privacy implications of location-based services.
– Impact of the proposed new federal privacy law
![Page 16: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/16.jpg)
16
Future outlook
• Current location based services primarily based on tracking of mobile devices
• Future developments:– ambient intelligence/”internet of things”– the use of any networked device could generate
location data
• Reversed paradigm: which data will not qualify as ‘personal data’?
![Page 17: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/17.jpg)
17
Possible solutions
• LBS creates a number of legal challenges
• “Geo slavery” ahead?
• Location data much more ‘’sensitive” than perceived by some of the stakeholders
• LBS: balance between benefits and (privacy)threats?
• No “quick fix” for the current legal challenges
![Page 18: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/18.jpg)
18
Final Remarks
• Solutions?– Technological, e.g.: “privacy by design”, separating data
layers (with each a different regime)
– Regulatory (incl. self regulation)
– Awareness/education
• Most urgent: public debate with the industry, consumers and all other stakeholders (e.g. FCC/FTC Forum )
• Looking for new standards for LBS
![Page 19: Kees stuurman](https://reader034.vdocuments.mx/reader034/viewer/2022042513/546b3210af7959651f8b5917/html5/thumbnails/19.jpg)
Location based services: “keeping track” of the regulatory developments
20 June 2011
Prof.dr. Kees StuurmanTilburg Institute for Law, Technology and Society
(TILT) / Van Doorne attorneys Amsterdam
c.stuurman@uvt