Location & Privacy: Waiting for the Other Shoe to Drop

During the Place Conference New York, we had two great discussions about privacy and location. There was little unanimity, however, with some speakers arguing that forthcoming US privacy rules would not be as burdensome as Europe and others asserting that California’s new law as well as anticipated federal rules would significantly impact digital marketing in the US.

Privacy has long been an issue marketers have not wanted to deal with. But they can no longer avoid it, first with GDPR (and the forthcoming ePrivacy rules) in Europe and now with the California Consumer Privacy Act, set to take effect on January 1, 2020.

I have argued that because location intelligence companies, including Google and Facebook, are not educating consumers about how location is being used and how it benefits them, they have lost control of the narrative. That narrative is now being shaped by press reports that double as exposés about how location data are being collected or used in undisclosed ways.

Recent examples include:

The “apps” piece (NY Times) just came out today. Here’s a representative excerpt:

An app on the device gathered her location information, which was then sold without her knowledge. It recorded her whereabouts as often as every two seconds, according to a database of more than a million phones in the New York area that was reviewed by The New York Times. While Ms. Magrin’s identity was not disclosed in those records, The Times was able to easily connect her to that dot.

The app tracked her as she went to a Weight Watchers meeting and to her dermatologist’s office for a minor procedure. It followed her hiking with her dog and staying at her ex-boyfriend’s home, information she found disturbing.

The article is pretty thorough and contains some quotes and perspective from GroundTruth, Placed and a couple of other location-data firms. Overall, however, the tone of the piece is “conspiratorial”: companies track you without your knowledge and use your data in unauthorized ways, or at least ways that haven’t been explicitly disclosed.

No one, save Apple and to a lesser degree Google, has been educating consumers about any of this. And when I say “educating,” I mean saying anything at all. So when people are presented by journalists with examples of how their location data is captured and used (as in the NY Times’ piece) it comes across as “creepy” or “scary.”

There are two points to be made. The first is that there will likely be some sort of federal privacy legislation — this is an issue about which the left and the right can agree — the question is whether it comes out stricter or weaker than California and whether it preempts the state law accordingly. (Without a federal law, California will be the de facto national rule.) The second, more complex question is what disclosures and what sort of consumer consent will be required for the secondary use of location by third parties.

California’s law is currently opt-out rather than opt in (GDPR) regarding data collection and usage. But I believe we’re going to move to an opt-in regime. Consumers will opt-in to customize apps when there are clear benefits (e.g., Maps, travel apps) but the majority, if they have control, will not allow their data to be shared with third parties. There’s survey data that backs this up.

If we get an opt-in, GDPR style privacy framework then there will potentially be massive repercussions for the digital advertising ecosystem. Even under the current law, we’re likely to see more FTC enforcement in the coming year as awareness of location data usage builds among the public. As the Times’ article points out, under current FTC rules, use of location in undisclosed ways could be considered “deceptive” and therefore within the regulatory jurisdiction of the agency.

Regardless, change is coming.

Location data and privacy will be one of the key topics that we tackle at LSA19 this year. You won’t want to miss the practical and business implications of this controversial topic. 

Leave a Reply

(Comment Guidelines)



First Name

Last Name

Company Name

Email Address