PlaceConf: 5 Things Marketers Must Know about Location & Privacy
September 18, 2017 | Contributed by: Megan Hannay
Today at the Place Conference in New York City, Stacey Gray is the Policy Counsel on the Future of Privacy Forum discussed the issues related to location data privacy. The Future of Privacy Forum is a DC-based nonprofit, working with 140+ companies, as well as academics and advocates, to develop business practices.
Gray presented five points the business community should understand when it comes to consumer privacy.
Privacy is not secrecy; it’s actually about transparency
Privacy is no longer about keeping secrets; it’s now about informing consumers what’s being used, and selecting to only utilize data that’s essential for an optimized experience.
The basic principles of privacy include:
- Transparency – letting users know what’s going on.
- Control – can users get to their own data?
- Focused Collection – collecting only the data you absolutely need.
- Respect for Context – if you’re asking for location on a mobile phone, and you’re a flashlight app… not so great.
- Access & Accuracy
Privacy Risks > Law
Privacy risks are bigger than getting sued. Risks can be financial, affect a company’s reputation, cause physical and dignitary risks, and can affect future legislation.
Not all locations are the same
Gray has argued with data scientists who claim that there’s nothing inherently sensitive about a location. But in reality, very sensitive information can be communicated by tracking locations. Location targeting can also be taken advantage of, in inappropriate, such as political ads at a reproductive health facility.
Defining “Personal Data” is harder than you think
Personal used to mean “name and address + social.” Now, it’s anything reasonably linked to a personal computer or a device, and the courts and lawmakers are drawing increasingly stricter definitions. Under US federal laws, persistent identifiers (such as cookies) count as personal information. Even the disclosure of two locations – home and work – can probably be enough to identify a person, according to the U.S. Supreme Court.
On May 25, 2018, the EU law will be enacted, with stricter privacy restrictions on any service targeted at EU residents
These services could be as a simple as a web page that’s in German or French. If you’re a vendor providing data to companies who offer services to EU residents, it could apply to you as well.
Who needs to pay attention to privacy?
Gray explained that brands and publishers that can be punished the most from privacy violations, even if they’re not directly involved in the development of the service. B2B businesses can avoid the ire of consumers, but brands who use apps or services that violate privacy laws or ethics stand to have their reputation burned (*cough* Experian). Publishers can be on the hook for violations, if the vendor commits the violation, even without the publishers’ knowledge. Gray advocated for Brands to understand who their partners are, and what they’re doing.