Big Business and Geolocation Data Privacy
What is geolocation data?
Geolocation data is information on where a device is being used. Because Internet-connected devices are for personal use (smartphones, smartwatches, tablets, laptops, etc.), this translates into information about the user’s individual life. Companies who can access this data are able to make a wealth of deductions about the habits, preferences, and vulnerabilities of mobile device users.
Geolocation technology provides companies the coordinates of your location (latitude and longitude) and the time you were there. This can sound creepy and make one think of George Orwell’s Big Brother, but it’s also extremely useful, powering some of the services and conveniences we benefit from day-to-day.
Who uses geolocation data?
Oh, almost everybody. Mobile devices are almost constantly connected to GPS, so they can get you to your destination and recommend coffee shops along the way. Fitness trackers use geolocation data to calculate how far you’ve run, how high you’ve climbed, and how much energy it took to get there. In these cases, the primary entity using the data is (supposed to be) the mobile device user.
In other cases, the primary entity using the data is someone who is (supposed to be) providing a service to you. Uber uses geolocation data to connect you with a ride to the meeting downtown. Chick-fil-a uses geolocation data to pull up the menu that’s most relevant to your local restaurant. Medical alert systems have saved lives by notifying emergency workers of an individual’s location.
Other uses of geolocation data are more self-serving to those collecting it. Consumer market research has gone wild with the hyper-specific data it can buy from third-party companies who collect information on mobile device users. More on this later.
And, the least altruistic bunch of all, predators of various sorts can abuse this geolocation data to victimize individuals. Perpetrators of domestic violence have been some of the chief abusers of GPS on a ground-level scale.
But geolocation technology has been a weak point on the global scale as well. In 2012, Iran’s oil supply was threatened by a cyberattack made possible by GPS. The U.S. military and Google have been hacked many times, and as GPS is integrated into each of these giants, it is only wise to carefully consider how to shore up our defenses against the abuse of geolocation data.
Did you know?
GPS is run by the United States military. It was originally designed to keep track of its planes and troops but is now used worldwide by governments, organizations, and individuals. The military relies on GPS to run its weapons systems and troop movements, but the military has publicly stated that these systems are hackable.
How big businesses are using mobile geolocation data
Janelle Nanos of the Boston Globe describes our state of dependence on this technology as being “at the slightly queasy intersection of consumerism and surveillance.”
So many apps have been able to deliver great customer experiences because of geolocation data collection and tracking. Google Maps, Waze, and Uber, for example, are obviously centered around using GPS. But other apps use it as a background feature to improve their services, like Amazon, Target, and The Weather Channel.
Other companies are centered around analyzing the geolocation data gleaned from these and other apps. The location analytics firm Placed has ascertained such useful information as the increased likelihood of Netflix watchers to frequent Chili’s restaurants and consumers who buy bitcoin to buy a Hyundai. This may seem trivial, but if you are Chili’s or Hyundai, it’s your golden ticket to your most lucrative advertising niche.
Based on your location, marketing agencies can figure out where you live, when you sleep, whether you’re more of a Walmart shopper or a Whole Foods aficionado. Advertisers can also learn a lot about you from which apps you use the most and what sites you browse when you’re on public transit.
The Thasos Group was able to determine, for example, that Whole Foods saw a 17 percent increase in foot traffic last August after they announced they were slashing prices.
Thasos’ founder and chief executive Greg Skibiski expressed concerns for the need to protect privacy while still encouraging the exploration of its potential.
“The data is out there and never coming back,” he said. “And we need rules for it.” -Greg Skibiski, quoted in Every Step You Take, by Janelle Nanos, Boston Globe.
Just how lucrative is the use of geolocation data?
In 2017, marketers spent $17.1 billion on geo-targeted mobile ads, and the research firm BIA Advisory Services forecasts that number will more than double to $38.7 billion by 2022.
Uber is famously adept at using location data. Not only do they use it to connect you with a driver in the moment, but they also store every movement made by their drivers’ cars and use it to inform issues like supply and demand, dynamic pricing, and constantly reshaping their company’s strategies. But the company is struggling to make a profit because the technologies they’re using are often available to everyone else as well. Therefore, they have to focus on developing more advanced technologies and they’re subsidizing some of their services to remain competitive in the meantime.
It’s interesting to note that Google, for one, does not sell the data it collects. In 2018, Google made more than $116 billion on advertising. This is true precisely because they hold such valuable data about their users, who also number in the billions. 65% of small- to mid-sized businesses are investing in pay-per-click advertising, and Google is the top seller by far. Google boasts an $8 to $1 return on investment.
Legal and safety issues around geolocation data privacy
Courts have generally concluded that “under existing law, … a user does not have a reasonable expectation of privacy as to geolocation data.”
We are therefore at least somewhat exposed to those who want to market to us, to those who want to pick us up in a cab, and to anyone else who can access the system.
Unfortunately, human nature being what it is, there have been all kinds of instances of people taking advantage of geolocation data to harm others.
Jamming GPS signals — which are fairly weak — could deny first responders access to those in need, cause severe traffic jams, and all sorts of costly and even deadly disruptions to life.
GPS locating has become a problem in domestic abuse, as many perpetrators have access to their victim’s whereabouts at all times. Mobile geolocation privacy is sometimes a matter of personal safety.
Questions companies need to be asking
· In what ways do we rely on GPS for the functioning of our company?
As many security systems use GPS to keep time logs accurate, this is an area of vulnerability to hacking. Cybersecurity professionals use time logs to diagnose problems and identify disruptions. If the time logs become inaccurate, fixing a cybersecurity breach becomes much more difficult.
Your company may rely on knowing the location of your deliveries, drop off locations, or other moment-to-moment information. Being aware of the vulnerabilities of GPS can help you prepare for an event in which GPS signals are compromised.
· Are we adequately protecting our customer’s privacy?
In general, the burden of protection has been on the individual, not on the institution. Many are calling for a change in this mindset, but the politics involved with regulating consumer privacy are fraught with complexity and double-mindedness. So at present, companies must make consumer privacy an ethical consideration of their own.
Companies should consider what third parties they’re interacting with and be sure that they know what information is being collected and how it is being used.
Forward-looking companies who believe in owning the burden of customer privacy is the right thing to do, can look to StrongSalt for a solution. We’re building an encrypted search and share protocol that will offer the first-ever API platform for developers to ‘bake’ privacy into existing applications. Making it no longer a trade-off to sacrifice security for usability in the apps and platforms consumers have come to depend on.
