Location Tracking Under Scrutiny
Technology Policy Brief #68 | By: Mindy Spatt | September 20, 2022
All day, every day, our phones are tracking our locations, collecting minute-by-minute data on our whereabouts that phone companies and apps can use or sell. Customers may agree to location tracking in order to use a GPS or a fitness monitor, but may be less aware of how many others are getting in on the act; Facebook, Amazon and Microsoft are just a few examples of the many apps and services that are continuously keeping track of where we go and what we do. I can’t remember whether I ever gave any of them permission, can you?
The data is frighteningly specific. It isn’t just whether you shopped at Bloomingdale’s or Target; it is which counters you visited while you were there. Not just whether you went to the drugstore, but whether you looked at allergy meds or aspirin. This data is enormously valuable, spawning an industry now estimated to be worth $12 billion.
Privacy advocates have sounded the alarm in the past, but location tracking has remained largely unregulated. With many states banning and criminalizing abortions, the issue has taken on new significance. Data on visits to abortion clinics is easily available for purchase and can be accessed by just about anyone, including law enforcement.
According to Business Law Today, “the sheer volume of location data tracked, disclosed, and repurposed is tremendous…[in part due to] the use of multiple systems to track location, and the use of data analytics to combine location data with other personal data, [which] enables both the identification of anonymous data and the compilation of comprehensive and precise profiles of tracked individuals.”
While at one time the industry defended itself by claiming that much of the location data it collects is anonymous, it is now clear that individuals and their interests, activities and personal characteristics can be identified through unique location patterns.
In an extensive investigation into location tracking by the NY Times in 2018, a database purchased from a single company revealed “people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day.” More recently, Vice Media was able to purchase, from data broker SafeGraph, “information related to visits to clinics that provide abortions including Planned Parenthood facilities, showing where groups of people visiting the locations came from, how long they stayed there, and where they then went afterwards.” Vice paid $160 for the information.
Vice’s report may have been what brought SafeGraph to the attention of Senator Elizabeth Warren, who successfully urged SafeGraph and Placer.ai, another data broker, to stop selling the location data of visitors to abortion clinics. Warren noted in her request that the companies were putting the safety of anyone visiting a clinic at risk.
Despite that win, Warren warned in a press release that “we can’t rely on the goodwill of Big Tech to protect Americans’ data and safety.” Warren’s goal is to pass legislation, the Health and Location Data Protection Act, that would permanently ban brokers from selling location and health data and establish serious privacy protections for consumers.
In the meantime, the Federal Trade Commission is also taking steps to protect abortion-related location data. It recently filed suit against Idaho-based Kochava, a data broker that purchases vast troves of location information derived from hundreds of millions of mobile devices. That information is then sold in customized data feeds that match mobile devices to timestamped location information.
According to the FTC, “customers are often unaware that their location data is being purchased and shared by Kochava and have no control over its sale or use.”
The FTC alleges that customized data feeds sold by Kochava allow purchasers to identify and track specific mobile device users. “For example, the location of a mobile device at night is likely the user’s home address and could be combined with property records to uncover their identity. In fact, the data broker has touted identifying households as one of the possible uses of its data in some marketing materials.”
If the Kochava suit is successful, the FTC presumably won’t stop there. Themarkup.org identified 47 companies in the data broker business, the majority of which are likely still selling this type of data and still putting providers and patients at risk.
Warren, Wyden, Murray, Whitehouse, Sanders Introduce Legislation to Ban Data Brokers from Selling Americans’ Location and Health Data. https://www.warren.senate.gov/imo/media/doc/Health%20and%20Location%20Data%20Protection%20Act.pdf