We have discussed the many advantages location-based personalization can provide to consumers. However, location-based services also provide an unprecedented opportunity for information to be abused. Without clear privacy rules, a user's every movement can be recorded and later used by commercial and governmental organizations. Consumers are already overwhelmed by unsolicited marketing directed at them via mail, phone, and e-mail. More important, location information can reveal details that might be protected by regional and national privacy laws. Access to a user's location profile could reveal physical destinations such as government offices and medical clinics. In an extreme case, location data provides real-time information about an individual that could place them in physical danger if improperly disclosed.
The U.S. Wireless Communications and Public Safety Act of 1999 provides consumers with a certain level of privacy protection. Section 222 of the act requires express prior authorization before a user's location information may can be accessed or disclosed. The express prior authorization required must be based on an "opt-in" standard. It is important that mobile location service applications are designed with these guidelines in mind so that consumers' privacy expectations are met. Additional commentary has been submitted by the Center for Democracy and Technology to the U.S. Federal Communications Commission (FCC) and can be read at http://www.cdt.org/privacy/issues/location/010406fcc.shtml.
In an effort to prevent unnecessarily restrictive legislation and to educate marketers and service providers, self-regulation initiatives have been launched by the Cellular Telecommunications & Internet Association (CTIA) and the Mobile Marketing Association (MMA).
The CTIA is an international organization that represents all elements of wireless communications, including cellular, personal communications services, enhanced specialized mobile radio, and mobile satellite services. The organization represents manufacturers, service providers, and many other groups. One of their primary functions is to represent its members in a constant dialogue with the FCC and in Congress.
The CTIA has developed and published a set of guidelines for appropriate use of location information. The guidelines suggest the following components:
Notice: Customers must be informed about location information collection and use practices before any disclosure or use takes place.
Consent: Express authorization must be obtained prior to collection.
Security and Information Integrity: Location information must be protected against unauthorized access and the provider must ensure that third parties to whom the information is provided adhere to the provider's location information practices.
Technology Neutral: The privacy guidelines should be consistent, whether the service depends on handset-, vehicle-, or network-based location determination techniques.
The MMA is an international industry trade association devoted to handheld device manufacturers, carriers, and operators; software providers, agencies, retailers, and advertisers; and service providers of mobile wireless marketing and advertising. The activities of the MMA include evaluating and recommending standards and practices, fielding research to document the effectiveness of the wireless medium, and educating the wireless (mobile) advertising industry about the effective, responsible use of wireless advertising.
The MMA has developed a set of guidelines related to privacy and spam. The goals of these guidelines are to put MMA members on record as being in favor of consumers controlling their personal information, to instill trust in consumers that their privacy information is being appropriately handled, and to enable robust and diverse content and service offerings to consumers. The MMA guidelines recommend the following:
Wireless subscribers are notified of what information is being collected.
Subscribers should be given notice and choice about how their personal information is going to be used, and it should not be used for purposes other than explicitly agreed to via an opt-in.
Every effort should be made to ensure that personal information is accurate and secure, and subscribers should be given the opportunity to correct or delete it.
Wireless push advertising and content should not be sent to subscribers without explicit consent.