Scribd
Upload
20 views

Privacy

The document discusses location privacy and vulnerable populations, describing how location data from apps can be misused to track victims of intimate partner violence or unauthorized immigration surveillance. It outlines laws and guidelines around location data collection, including requiring consent under the GDPR and protecting sensitive data like geolocation under the FTC and CCPA. Recommendations include privacy by design and limiting persistent or precise location tracking.

Uploaded by

Gaurav
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
20 views

Privacy

The document discusses location privacy and vulnerable populations, describing how location data from apps can be misused to track victims of intimate partner violence or unauthorized immigration surveillance. It outlines laws and guidelines around location data collection, including requiring consent under the GDPR and protecting sensitive data like geolocation under the FTC and CCPA. Recommendations include privacy by design and limiting persistent or precise location tracking.

Uploaded by

Gaurav
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Vulnerable populations and location privacy

• Vulnerable individuals as people who are more susceptible to privacy violations that result in
emotional, financial, or physical harm or neglect as a consequence of their race, class, gender or
sexual identity, religion, or other intersectional characteristics or circumstances that marginalize
them from society. (McDonald and Forte 2022)1
• Sometimes seemingly benign apps can have nefarious uses
• KidGuard, an app to keep tabs on children, used to surveil spouses, by stalkers tracking their
victims, etc.
• Spyware mSpy used in Intimate partner violence2
• The tracking app company mSpy told The New York Times that it sold subscriptions to more than
27,000 users in the United States in the first quarter of this 20183

1 McDonald, N., & Forte, A. (2022). Privacy and vulnerable populations. In Modern socio-technical perspectives on privacy (pp. 337-363). Cham:
Springer International Publishing.
2 Chatterjee, R., Doerfler, P., Orgad, H., Havron, S., Palmer, J., Freed, D., ... & Ristenpart, T. (2018, May). The spyware used in intimate partner violence.

In 2018 IEEE Symposium on Security and Privacy (SP) (pp. 441-458). IEEE.
3 https://www.nytimes.com/2018/05/19/technology/phone-apps-stalking.html
Location privacy – user controls
• In Laptops, networks –
• location spoofing software,
• use of VPN’s to both confuse location specific content (to watch Netflix US from India, for example),
as well as to genuinely protect vulnerable populations4
• In phone and other IOT or wearables –
• Location spoofing
• Fine-grained and coarse grained location control to balance fraud detection while protecting
individual location
• Difference in location enabled services (where location is checked once, but not stored) and
location tracking services
• Options to ‘Allow once’, ‘Allow always’, ‘Allow in background’
• Explicit location permissions managed through browser and phone operating system ; since
location depends on OS managed software, checking apps that track location is easier.

4 BoZhao & Daniel Z. Sui (2017) True lies in geospatial big data: detecting location spoofing in social media, Annals of GIS, 23:1, 1-
14, DOI: 10.1080/19475683.2017.1280536)
Celebrated cases

• The Border Patrol used commercial location data to round up


suspected illegal immigrants without a warrant.
• (https://www.washingtonpost.com/technology/2020/10/23/warrantless-cbp-phone-data-searches/)

• Adversarial activist groups can use location data tracking to target


specific individuals.
• (https://www.nbcnews.com/tech/security/priest-outed-grindr-app-highlights-rampant-data-tracking-rcna1493)

• Bangladesh Provided Myanmar Information that Refugee Agency


Collected
• (https://www.hrw.org/news/2021/06/15/un-shared-rohingya-data-without-informed-consent)

• Sometimes location disable doesn’t mean you aren’t tracked


(https://www.wsj.com/articles/SB10001424052748704123204576283580249161342)
Laws and guidelines – USA and GDPR
• The FTC considers precise geolocation data to be sensitive personal information, and failure to
reasonably protect this information, or failure to adequately disclose its collection or sharing, would
violate Section 5 of the FTC Act
• FTC regulates children's online privacy through the Children’s Online Privacy Protection Act (COPPA).
• Under CCPA ( California Consumer Privacy Act (CCPA) ) geolocation data is subject to notice and
transparency requirements, along with the consumer right to access, deletion, and opt-out. Therefore,
consumers have the right to request the types of location data being collected about them and how that
information is being used. They can also direct companies to delete their location data being collected
and restrict them from selling their location data to third parties.
• Under the GDPR, location data is considered to be any information collected by a network or service
about where an individual's device is or was located, including the following details:
• The latitude, longitude or altitude of the device
• The direction of travel of the user
• The time the location information was recorded
• This excludes GPS-based location information collected from mobile devices since this information is created and collected
independently of a network or service provider. Businesses can also only process location data with the authority of the
network or service provider if it is anonymous or if consent is obtained from the user.
Guidelines for protection
• International immigrants - Red Cross’s Handbook on Data Protection in Humanitarian Action -
Second Edition (https://www.icrc.org/en/publication/430501-handbook-data-protection-
humanitarian-action-second-edition)
• Self regulation in advertising (though not very successful)
• Geofenced location tracking within small radii only
• Ensure individual geolocation data is anonymized (but beware of the associated risks)
• Establish proper policies for third parties collecting geolocation data.
• Gain explicit consent before the collection of geolocation data.
• Australian govt’s guidelines for mobile developers. https://www.oaic.gov.au/agencies-and-
organisations/guides/guide-for-mobile-app-developers
• Privacy by design (iOS)
• block certain areas from being readable by an app’s location data, or give the user the option to block
them. For example, in a check-in app, a user’s home and school locations should always be set to private
by default.

You might also like