We know where you are…

Should information about where you are at any (and every) moment be subject to data protection legislation in the same way as other personal data? An influential EU advisory group thinks that it should.

The EU Working Party on the Protection of Individuals with regard to the Processing of Personal Data recently approved a document which proposes safeguards on the use of geolocation services on smart mobile devices. As the authors point out:

“Since smartphones and tablet computers are inextricably linked to their owner, the movement patterns of the devices provide a very intimate insight into the private life of the owners. One of the great risks is that the owners are unaware they transmit their location, and to whom.”

The release of the document is timely since both Apple and Google have recently come under fire for collecting location information from smart devices without the knowledge or consent of the users.

The Working Party concludes that there can only be a legitimate ground for the use of location information if the data subject has given their prior informed consent. The ways in which such consent might be obtained and maintained by service providers form a key focus of the EU document, especially in relation to employees and children. The Working Party recommends that location services should be turned off by default, with the owners of smart devices having to opt in if they wish to make use of these services.

The Working Party’s report currently has the status of an ‘opinion’, but it is surely only a matter of time before many of their recommendations find their way into an EU Directive and thus, ultimately, into UK law.