A Closer Look at Location Data Privacy and Pandemics
- Author: fpf.org
- Full Title: A Closer Look at Location Data: Privacy and Pandemics
- Category: articles
- Document Tags: #tech
- URL: https://fpf.org/2020/03/25/a-closer-look-at-location-data-privacy-and-pandemics/?utm_campaign=Data_Elixir&utm_source=Data_Elixir_279
Highlights
- Precise location data, or “mobility data,” involves information about how devices and people move through spaces over time.
- Even the most basic connectivity, or the ability to send and receive wireless content on devices, has to involve information about where those devices are located. For example, providers of wireless services know where devices are located because they provide the service through local cell towers and networks. At a more general level, an IP address (an identifier that is freely and openly shared by devices to send and receive Internet traffic) is often sufficient to know a person’s city and state.
- Typically, we think of location data as having privacy implications when it is precise enough to single out an individual with reasonable specificity. This is often GPS-level specificity, and would usually not include information like an IP address. Measuring precise location depends in part on context, such as population density (for example, in a rural or remote area, a lower level of specificity might be more able to identify a person than if that same person were standing in Times Square).
- Sometimes mobility or location data is tied to known individuals (such as a name associated with a cell phone subscription), and at other times it is tied to a unique identifier associated with a device. In these cases, individualized data is often referred to as “anonymized.” In other cases, if a dataset has been modified to show movements of groups of people (and not individuals), it is often referred to as “aggregated.”
- The U.S. Supreme Court has also held that location data carries unique sensitivities because of its ability to reveal highly sensitive data about people’s behaviors, patterns, and personal life, most recently in Carpenter v. United States (requiring law enforcement to obtain a warrant for cell site location data). In the EU, access to location data is normally regulated as a matter of confidentiality of telecommunications, by the strict provisions of the ePrivacy Directive, which require individual consent (with very narrow exceptions).
- Precise location data is very challenging to fully “anonymize.” Many government entities are interested in gaining access to “anonymous” or “anonymous and aggregated” location data, to observe population-level trends and movements. While in some cases this is possible, it is very challenging to make any dataset of individual precise location data truly “anonymous.” Even if unique identifiers are used instead of names, most people’s behavior can be easily traced back to them — for example, from the location of their home (where the device “dwells” at night). These challenges are not insurmountable, but policymakers should be very careful not to overpromise, and should treat location datasets as private, sensitive information. This means the data should be subject to administrative, technical, and legal controls to ensure it remains protected and limited in who can access it and for what purposes.
- Even fully “aggregate” location data can sometimes be revealing. At times, even highly aggregated data about patterns of large groups of people (such as high-level heat maps) can inadvertently reveal information. In 2017, an interactive “Global Heat Map” of movements of users of the Strava fitness app inadvertently revealed the locations of deployed military personnel at classified locations. This incident highlights some of the wider ethical issues associated with open data and default public data sharing. In FPF’s privacy assessment of the City of Seattle, we recommended that companies thoroughly analyze all risks, not only risks to privacy and re-identification, but also to “group privacy,” and impact on other values such as data quality, fairness, equity, and public trust.
- Representativeness and bias are uniquely important for location datasets. Unfair data processing practices involving geolocation fall disproportionately on marginalized and vulnerable communities. As such, heightened privacy protections are especially critical for these groups. Voluntary apps, for example, are more likely to capture affluent communities. One such case was ‘Street Bump,’ a mobile app released by a municipal authority in an attempt to crowdsource data to work out which roads it needed to repair. However, affluent citizens downloaded the app more than people in poorer neighborhoods. As such, the system reported a disproportionate number of potholes in wealthier neighborhoods, and could have led the city to distribute or prioritize its repair services inequitably. In contrast, mobile phone carrier data may be more representative, but may miss more of the elderly, very young, or lowest-income people who may not own cellphones.
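An added illustration (not code from the FPF article) of two of the points highlighted above: swapping names for device pseudonyms still leaves a night-time dwell cell that can single a device out, while aggregating into per-cell counts with a minimum-group-size threshold drops the one-device buckets that would otherwise re-identify someone. All records, cell names and the night window below are constructed assumptions.

```python
# Added example: privacy-risk check on a "pseudonymized" location dataset.
# Records are constructed: (device_pseudonym, hour_of_day, coarse grid cell).
from collections import Counter, defaultdict

RECORDS = [
    ("dev-a1", 2, "cell-17"), ("dev-a1", 3, "cell-17"), ("dev-a1", 13, "cell-90"),
    ("dev-b7", 1, "cell-17"), ("dev-b7", 4, "cell-17"), ("dev-b7", 14, "cell-42"),
    ("dev-c3", 2, "cell-58"), ("dev-c3", 3, "cell-58"), ("dev-c3", 12, "cell-90"),
    ("dev-d9", 1, "cell-58"), ("dev-d9", 2, "cell-58"), ("dev-d9", 15, "cell-90"),
    ("dev-e5", 2, "cell-73"), ("dev-e5", 3, "cell-73"), ("dev-e5", 11, "cell-42"),
]

NIGHT_HOURS = range(0, 6)  # assumption: "night" means 00:00 through 05:59


def night_dwell(records):
    """Per pseudonym, the cell seen most often at night (a proxy for 'home')."""
    seen = defaultdict(Counter)
    for pid, hour, cell in records:
        if hour in NIGHT_HOURS:
            seen[pid][cell] += 1
    return {pid: counts.most_common(1)[0][0] for pid, counts in seen.items()}


def singled_out(records):
    """Pseudonyms whose night-dwell cell is shared with no other device.

    A unique home cell acts as a quasi-identifier: the pseudonym no longer
    hides the person, which is the re-identification risk the article warns of.
    """
    homes = night_dwell(records)
    cell_freq = Counter(homes.values())
    return sorted(pid for pid, cell in homes.items() if cell_freq[cell] == 1)


def aggregate(records, k):
    """Count distinct devices per (cell, day/night) and suppress groups smaller than k.

    This is the 'aggregated' form: no per-device rows survive, and the k
    threshold removes buckets that would still describe a single person.
    """
    devices = defaultdict(set)
    for pid, hour, cell in records:
        period = "night" if hour in NIGHT_HOURS else "day"
        devices[(cell, period)].add(pid)
    return {key: len(ids) for key, ids in devices.items() if len(ids) >= k}


if __name__ == "__main__":
    print("singled out by night dwell:", singled_out(RECORDS))
    print("aggregated (k=2):", aggregate(RECORDS, 2))
```

With k=2 the `("cell-73", "night")` bucket, which belongs to one device only, is suppressed; with k=1 it would be published and would describe that device alone.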