CTIA Best Practices and Guidelines (“Guidelines”) are intended to promote and protect user privacy as new and exciting Location-Based Services (“LBS”) are developed and deployed. Location Based Services have one thing in common regardless of the underlying technology – they rely on, use or incorporate the location of a device to provide or enhance a service. Accordingly, the Guidelines are technology-neutral and apply regardless of the technology or mobile device used or the business model employed to provide LBS (e.g., a downloaded application, a web-based service, etc.).
The Guidelines primarily focus on the user whose location information is used or disclosed. It is the user whose privacy is most at risk if location information is misused or disclosed without authorization or knowledge. Because there are many potential participants who play some role in delivery of LBS to users (e.g., an application creator/provider, an aggregator of location information, a carrier providing network location information, etc.), the Guidelines adopt a user perspective to clearly identify which entity in the LBS value chain is obligated to comply with the Guidelines. Throughout the Guidelines, that entity is referred to as the LBS Provider. The Guidelines rely on two fundamental principles: user notice and consent.
Users should have confidence when obtaining an LBS from those LBS Providers that have adopted the Guidelines that their location information will be protected and used or disclosed only as described in LBS Provider notices. By receiving notice and providing consent consistent with these Guidelines, users will maintain control over their location information. The Guidelines encourage LBS Providers to develop and deploy new technology to empower users to exercise control over their location information and to find ways to deliver effective notice and obtain consent regardless of the device or technology used or business model employed.
The Guidelines apply to LBS Providers. The following examples identify common situations and illustrate who is and is not an LBS Provider with obligations under the Guidelines.Examples of LBS Providers:
Caveat: The examples are illustrative only and do not imply that compliance with the Guidelines alone permits such uses or services. The terms on which access to location information is made available from wireless carriers to third parties, or the terms under which applications are made available to users, are beyond the scope of the Guidelines.
Scope of Coverage
The Guidelines apply whenever location information is linked by the LBS Provider to a specific device (e.g., linked by phone number, userID) or a specific person (e.g., linked by name or other unique identifier). The Guidelines do not apply to location information used or disclosed:
An important element of the Guidelines is notice. LBS Providers must ensure that potential users are informed about how their location information will be used, disclosed and protected so that they can make informed decisions whether or not to use the LBS, giving the user ultimate control over their location information. The Guidelines do not dictate the form, placement, terminology used or manner of delivery of notices. LBS Providers may use written, electronic or oral notice so long as users have an opportunity to be fully informed of LBS Providers’ information practices. Any notice must be provided in plain language and be understandable. It must not be misleading, and if combined with other terms or conditions, the LBS portion must be conspicuous
If, after having obtained consent, LBS Providers want to use location information for a new or materially different purpose not disclosed in the original notice, they must provide users with further notice and obtain consent to the new or other use. LBS Providers must inform users how long any location information will be retained, if at all. If it is not practicable to provide an exact retention period, because, for example, the retention period depends on particular circumstances, the LBS Provider may explain that to users when disclosing its retention policies.
LBS Providers that use location information to create aggregate or anonymous data by removing or permanently obscuring information that identifies a specific device or user must nevertheless provide notice of the use.
Example 6: An LBS Provider could create a dataset of mobile Internet users registered in a particular geographic or coverage area by removing or “hashing” information that identifies individual users from the dataset so that the LBS Provider could provide location-sensitive traffic management information or content to a highway safety organization. Notice that the LBS Provider creates or uses aggregate or anonymous data is required.
LBS Providers that share location information with third parties must disclose what information will be provided and to what types of third parties so that users can understand what risks may be associated with such disclosures.LBS Providers must inform users how they may terminate the LBS, and the implications of doing so. LBS Providers also must ensure that any privacy options or controls available to users to restrict use or disclosure of location information by or to others are explained to users.
Example 7: An LBS Provider that offers a social networking service might provide a mechanism for the user to establish permissions for when, where and to whom his or her location information will be disclosed. The notice to the user could include a statement to the effect: “You control who will receive your location information. In ‘settings’ on the menu, you can select contacts you wish to block or enable all the time, or you can select a manual option to review a list of contacts each time you disclose your location.”
LBS Providers must periodically remind users when their location information may be shared with others and of the users’ location privacy options, if any. The form, placement, terminology used, manner of delivery, timing and frequency of such notice depends on the nature of the LBS. For example, one would expect more reminders when the service involves frequent sharing of location information with third parties and fewer reminders, if any, when the service involves one-time, user-initiated concierge service calls (e.g., locating a nearby service). In addition, depending on the circumstances, the use of an icon or other symbol to disclose when location information may be shared may be a more effective means of reminding consumers than a written notice.
In some circumstances, account holders (as opposed to users) may control the installation and operation of LBS. In addition to providing notice to the account holder, LBS Providers still must ensure that notice is provided to each user or device that location information is being used by or disclosed to the account holder or others. Once again, the content, timing and frequency of such notice depends on the nature of the LBS.
Example 8: An LBS Provider provides an LBS to a business customer with multiple devices used by employees in the field. The LBS Provider could satisfy its notice obligation by direct notice to each device that location information is being provided to the business customer. Alternatively, pursuant to a contractual obligation between the LBS Provider and the business customer to do so, the business customer could inform its employees that it will receive user location information.
Example 9: Fleet Tracking/Employee Monitoring: A business entity purchases multiple lines to permit tracking employee locations to provide for rapid response repair service, just-in-time delivery, or fleet management.
Example 10: Public Safety: The LBS Provider enters into an agreement with a public safety organization to provide monitoring compliance with terms of supervised release and house arrest, terms of bail for bondsmen, protecting public officials on duty, or military force movements.
Example 11: Parental Controls: The LBS Provider offers a service to notify parents when a child arrives at or leaves a designated place.
Example 12: Family Safety: The LBS Provider offers a family safety feature to locate family members in an emergency or other specified circumstances.
Example 13: User signs up with an LBS Provider for a service that provides updates regarding user’s location to a group of “friends” designated by the user. The LBS Provider must provide reasonable mechanisms for the user to discontinue such location sharing with the group at a later date.
Where technically feasible, LBS Providers may provide for selective termination or restriction of an LBS upon account holder request. An account holder may revoke or terminate all or a portion of any users’ consent to an LBS.
Example 14: User signs up with an LBS Provider for a service that requires user’s wireless carrier to periodically disclose user’s location information to LBS Provider. User is a minor and the mobile device is one of several on the account of the wireless carrier’s account holder who, through controls provided by the LBS Provider or upon request to the LBS Provider, decides to block the LBS or disclosure of user’s location information to third parties. The account holder’s election with the LBS Provider revokes the user’s consent.
Similarly, revocation of consent also occurs when certain controls for sharing location information are provided by a wireless carrier, and the account holder of the wireless carrier has decided to block disclosure of a user’s location information to third parties for a line on the account holder’s account.
The Guidelines do not dictate terms of service that LBS Providers must offer to users with regard to an LBS. Nor do the Guidelines dictate any technical implementation for terminating or restricting an LBS.