By now, it should come as perhaps no surprise that your smartphone is collecting data about you and where you go every day. But what is surprising is the extent to which location data and other personal data about you is being traded on an increasingly robust secondary market, often without your knowledge. According to a recent New York Times investigative report, your precise location can be tracked up to 14,000 times per day. With that type of information, advertisers and other businesses can gain an unprecedented level of insight into how you spend your day.
As the New York Times report makes clear, location data is now big business, very much in demand by retailers, advertisers and even investment funds. More than 75 companies now directly pay for raw location data from smartphone apps, eager to gain insights into people’s everyday whereabouts. And even more companies pay for location-based advertising, in which they can serve up advertisements based on where you go every day and where you happen to be at the current moment. Currently, more than 1,000 apps contain location-sharing code and the current size of the location-targeted advertising market is $21 billion.
The problem with anonymous location data
Of course, those involved in the collection and sale of this location data say that they are doing nothing wrong. All location history is completely anonymous, they say. That’s because the location data is not tied to a unique name or phone number or social security number. Rather, it is tied to a unique ID. Thus, while a company purchasing this location data knows person X traveled to a certain location at 8:00 in the morning, they do not know the precise identity of this person. They collect locations, not identities.
However, where things get alarming is just how easy it is to figure out the real name and identity of a person based on that unique ID and basic location information. What appears to be anonymous is not so anonymous after all. For example, the New York Times was very easily able to identify a person simply by reviewing all the raw data. Since location data is precise down to the exact latitude and longitude, it doesn’t take too much effort to figure out that if a person spends every night at location X, that location X must be the home address of that person. A quick cross-check of public records – or perhaps even a quick Google search – might be enough to turn up the name of the person.
This precise location data, if used by the wrong people, could prove dangerous. For example, some of the location data reviewed by the New York Times as part of its investigative report showed the path of regular travels between a home residence address and a middle school. It’s not hard to figure out that the smartphone being used belonged to a child, and so a complete stranger would have access to the comings and goings of someone’s child.
And, even for adults, the level and scope of location data tracking poses perils. Do you want others to know where you spent the night? Or that you went to a certain political meeting one day? Or that you went to a specific type of doctor one day? In one hypothetical example mentioned by the New York Times, a personal injury lawyer in search of new clients might ask for location data on all people going to the emergency room of a certain hospital in the area. Based on that location data, that lawyer would have a way to target a highly specific (and vulnerable) population of people.
Do people really know how their location data is being used?
The bigger picture, of course, is that most location data is being used for the correct purposes by location data companies. If you want an accurate weather forecast in your area, for example, you need to give a weather app your location data. If you want a national retailer to send you information and updates that have been customized for your specific geographic region, then you also need to include location data. Or what if you are using app-based location services to find the nearest gas station? Again, you need to give up your location data.
What the New York Times investigation turned up, however, is that user agreements that you sign when you first use these apps can be very vague about the way your user location data is really being used. Hidden in all the inscrutable language of the agreement may be a clause permitting that company to sell your location data to another company, without even telling you what they are doing. In one example reviewed in the report, an app providing stats and scores for local sports fans was also selling access to the raw data from its users to other businesses.
The rise of the 24/7 surveillance state
In a worst-case scenario, of course, smartphones and other mobile devices have the potential to become mobile surveillance devices. It is almost as if you become an animal in the wild, tagged for an experiment by scientists eager to see how you behave on certain days and under certain conditions. Thousands of times per day, they can follow you around a city. Even creepier, government agencies might get their hands on all this location data, leading to an Orwellian “1984” scenario. The all-seeing eye of the government would be able to track you everywhere and know everything that you do.
Given this potential for harm, some legislators are working to move forward bills that would protect consumers and limit the ability of companies to collect and sell your location data. Right now, the whole area of location data is loosely regulated, so simply buying and paying for location data is not breaking any federal laws.
The matter is not so clear, however, when it comes to deceptive business practices. The Federal Trade Commission (FTC), which is in charge of protecting consumers in the United States, has shown some willingness to step in and protect consumers if companies are not divulging the extent to which they are selling and exchanging data. Most people simply don’t know what’s going on, and policies can vary so greatly from company to company, such that some form of governmental protection seems to be in order.
The big takeaway from all this, of course, is that users need to become more aware of all the location data that various apps are collecting. If you don’t want retailers and advertisers being able to track your physical whereabouts every few seconds, it makes sense to review which apps you are using and what the default settings for those apps are.