Expert Advice: Location Privacy Rights Upheld

Janice Partyka

But Google and Facebook Signal Their Intent to Capture Users’ Location

The biggest international mobile-phone show ever, Mobile World Congress 2013, took place early this month in Barcelona, Spain. It came at an interesting time. Attendees learned it no longer makes sense to think about which device, or screen, is of primary importance to users. Google reports findings that 90 percent of users move sequentially between several screens — TV, phone, desktop computer and tablet — to accomplish tasks.

Google, wanting to more fully exploit ad opportunities across all devices, has revamped its AdWords program to be one platform that advertisers will use to control ads on all types of devices. In the past, advertisers could choose to advertise on desktops and no other devices.  The new rule requires mobile advertising. Although it is an integrated platform, advertisers can use parameters like the device’s location or type to send specially crafted messaging.

The GPS-based fitness watch market looks like it is on a steep curve upwards, and feasible smartphone GPS watches are available.
Rumor says Facebook is going to start tracking users’ locations at all times, to be able to cull more ad revenue from individuals’ preferences and geo life.

Finally, and most importantly in the long run for all location-enabled users, the Federal Trade Commission took a stand on location privacy.

Google Requires Mobile Advertising. Citing concerns that the shift from desktop to smartphones and tablets is damaging its bottom line, Google is revamping its AdWords advertising platform to integrate ad campaigns across all device screens. In fact, Google indicated that it will require all advertisers to pay for mobile ads even if they only wish to reach consumers on desktops. The revamp will allow customers to use contextual factors like location, time of day and device type to control integrated campaigns.

Google provides an example of how a user’s location and device type could change the advertising message. “For example, a pizza restaurant probably wants to show one ad to someone searching for ‘pizza’ at 1pm on their PC at work (perhaps a link to an online order form or menu), and a different ad to someone searching for ‘pizza’ at 8pm on a smartphone a half-mile from the restaurant (perhaps a click-to-call phone number and restaurant locator),” reads Google’s blog.

Will Apple Grab Your Wrist? Rumors continue that Apple will release a GPS-based fitness watch in 2013. Whether Apple enters the market or not, the GPS fitness market is huge and growing. The GPS fitness watch market is set to reach $1.07 billion in 2013, predicts ABI Research. Cellular-connected GPS fitness watches like the I’m Watch may further speed this market.

“There have already been unfounded rumors around Apple in 2013, so let’s wait and see. If an Apple watch did feature integrated GPS, it would no doubt significantly boost shipment forecasts in 2013,” asserts Dominique Bonte of ABI. Some start-ups in the GPS Watch category have joined the action including Leikr, Pebble, Basis and others.

Facebook Is Watching. Is it possible for the relationship between Facebook and Google to get tenser? According to a Bloomberg article, Facebook is developing a smartphone application that will track the location of its users. The app is said to be scheduled for release by mid-March, and would run on handsets in the background, even when the Facebook app or the phone isn’t open or in use.

The location data would help Facebook capture more advertising revenue as ads can be more targeted with information about a user’s location and habits. The project is said to be headed by an ex-Googler and talent from Glancee and Gowalla, both of whom were purchased by Google.

Location privacy Is Covered. Privacy concerns with Facebook location tracking would undoubtedly be raised. Currently Facebook records the GPS coordinates of users when they post status updates or photos from their phones, or check into a venue. Tracking users 24/7 is another thing. Facebook’s current location sharing policy seems to cover them carte blanche. It allows the use of data “to serve you ads that might be more relevant,” and “to tell you and your friends about people or events nearby, or offer deals to you that you might be interested in.”

Also-Rans. Will Windows and BlackBerry smartphones succeed? Will there be a crack, even a tiny one, in the duopoly of iOS and Android? The biggest worry for Microsoft and BlackBerry is if initial sales of their smartphones are too small to excite developer interest. Without abundant applications, consumers won’t continue to buy these phones. ABI Research is predicting that the demand will be strong enough and is forecasting a BlackBerry installed base of 20 million and Windows smartphone base of 45 million by year end.

Location Standards for Next Generation LBS. The Open Geospatial Consortium (OGC) held a free session and reception at the Mobile World Congress for mobile developers, location data providers, network operators and LBS service users. Attendees learned the latest in open standards development.

Path Social Network Charged on Privacy Infringement. The operator of the Path social networking app has agreed to settle Federal Trade Commission (FTC) charges that it deceived users by collecting personal information from their mobile device address books without their knowledge and consent. The settlement requires Path, Inc. to establish a comprehensive privacy program and to obtain independent privacy assessments every other year for the next 20 years. The company also will pay $800,000 to settle charges that it illegally collected personal information from children without their parents’ consent.

The settlement with Path is part of the FTC’s ongoing effort to make sure companies live up to the privacy promises they make to consumers, and that kids’ personal information isn’t collected or shared online without their parents’ consent.

“Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it is mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers,” said FTC Chairman Jon Leibowitz. “This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans.”

Path operates a social networking service that allows users to keep journals about “moments” in their life and to share that journal with a network of up to 150 friends. Through the Path app, users can upload, store, and share photos, written “thoughts,” the user’s location, and the names of songs to which the user is listening.

In its complaint, the FTC charged that the user interface in Path’s iOS app was misleading and provided consumers no meaningful choice regarding the collection of their personal information. In version 2.0 of its app for iOS, Path offered an “Add Friends” feature to help users add new connections to their networks. The feature provided users with three options: “Find friends from your contacts;” “Find friends from Facebook;” or “Invite friends to join Path by email or SMS.”

However, Path automatically collected and stored personal information from the user’s mobile device address book even if the user had not selected the “Find friends from your contacts” option. For each contact in the user’s mobile device address book, Path automatically collected and stored any available first and last names, addresses, phone numbers, email addresses, Facebook and Twitter usernames, and dates of birth.

The FTC alleged that Path’s privacy policy deceived consumers by claiming that it automatically collected only certain user information such as IP address, operating system, browser type, address of referring site, and site activity information. In fact, version 2.0 of the Path app for iOS automatically collected and stored personal information from the user’s mobile device address book when the user first launched version 2.0 of the app and each time the user signed back into the account.

The agency also charged that Path, which collects birth date information during user registration, violated the Children’s Online Privacy Protection Act (COPPA) Rule by collecting personal information from approximately 3,000 children under the age of 13 without first getting parents’ consent. Through its apps for both iOS and Android, as well as its website, Path enabled children to create personal journals and upload, store and share photos, written “thoughts,” their precise location, and the names of songs to which the child was listening. Path version 2.0 also collected personal information from a child’s address book, including full names, addresses, phone numbers, email addresses, dates of birth and other information, where available.

The COPPA Rule requires that operators of online sites or services directed to children, or operators that have actual knowledge of child users on their sites or services, notify parents and obtain their consent before they collect, use, or disclose personal information from children under 13. Operators covered by the Rule also have to post a privacy policy that is clear, understandable, and complete.

The FTC charged that Path violated the COPPA Rule by:

• not spelling out its collection, use and disclosure policy for children’s personal information;
• not providing parents with direct notice of its collection, use and disclosure policy for children’s personal information; and
• not obtaining verifiable parental consent before collecting children’s personal information.

In addition to the $800,000 civil penalty, Path is prohibited from making any misrepresentations about the extent to which it maintains the privacy and confidentiality of consumers’ personal information. The proposed settlement also requires Path to delete information collected from children under age 13 and bars future violations of COPPA. Path has already deleted the address book information that it collected during the time period its deceptive practices were in place.

The FTC also introduces “Mobile App Developers: Start with Security,” a new business guide that encourages developers to aim for reasonable data security, evaluate the app ecosystem before development, and includes tips such as making someone responsible for data security and taking stock of the data collected and maintained.

The commission vote to authorize the staff to refer the complaint to the Department of Justice and to approve the proposed consent decree was 5-0. The DOJ filed the complaint on behalf of the Commission in U.S. District Court for the Northern District of California on January 31, 2013. The proposed consent decree will be filed with the same U.S. District Court today and is subject to court approval.

Janice Partyka is contributing editor for wireless at GPS World. Subscribe free to her monthly e-newsletter, Wireless Pulse, at www.gpsworldcom/subscribe.