Archive

Posts Tagged ‘location privacy’

General Data Protection Regulation comes to the EU … and it covers location.

April 23, 2018 1 comment

Legislation protection typically lags behind technological innovation until a clearer picture of how a particular technology is used and abused emerges. The issues associated with personal location data privacy and the often unintentional disclosure of personal and sensitive information, are subjects we have discussed many times before on Spatial Reserves (Always On: The analysts are watchingPrivacy concerns from fitness maps and apps).  However, things are set to change in the European Union (EU) with the introduction of new legislation covering how personal location information is collected, used and stored.

On 25th May 2018, General Data Protection Regulation (GDPR) will come into effect in the EU, replacing an earlier data privacy directive introduced in 1995. Aimed at protecting the personal data of all EU citizens, GDPR establishes new safeguards to minimise data breaches and misuse. It introduces a number of Data Subject Rights including right of access, right to be forgotten and privacy by design. Although such regulatory initiatives are often associated with the data collecting activities of larger companies and organisations and the type of data they collect, such as those in the financial and marketing sectors, GDPR extends the definition of personal data in Article 4 (1) to include:

‘… any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

This legislative acknowledgement recognises location as an equally important component of personal information and an indicator of what GDPR defines as sensitive traits (political affiliation, religious beliefs and so on). Companies, organisations and institutions in the EU will be required to ask permission to use personal location information, be transparent about the use of this information and delete it if requested to do so.

 

 

Advertisements

Privacy concerns from fitness maps and apps

January 31, 2018 2 comments

We frequently write about the need to teach about and be aware of location privacy with the rapid advancement and web-enablement of GIS.  Thus it wasn’t a surprise when recent concerns arose over an amazing map from Strava Labs.  Maps generated from GPS-enabled fitness devices and other recreational uses of GPS such as GPS Drawing, as well as those from the fitness tracker market such as Fitbit and Garmin, have for several years been sharable and viewable.  Strava has been one of the leaders in helping people stay motivated to meet their fitness goals by providing tools such as apps and maps.  But perhaps the Strava map attracted more attention than others because it contains an amazing “over 1 billion activities and 13 trillion data points”, or perhaps because the map is so responsive and contains some stunning cartography that the web map user can customize.

Whatever the reason, as reported in USA TodayPopular MechanicsWired, and elsewhere, location privacy concerns have arisen recently over the new Strava map.  Specifically, “Security experts over the weekend questioned whether the user-generated map could not only show the locations of military bases, but specific routes most heavily traveled as military personnel unintentionally shared their jogging paths and other routes.”  Some of the posts have reported that it may even be possible to scrape the data to discover the person behind each of the tracks, and the Strava CEO has responded to these and other concerns.  Any GIS user knows that much can be discovered through mapped layers and satellite imagery these days, shedding new light on what is really “secret” in our 21st Century world, but maps aimed at the recreational user are bringing these discussions to the general public.  The particular concern with the Strava data is not so much just the location information, but the temporal data tied to the location, and potential identification of individuals.

Much of it comes down to what we have been saying in this blog–understand the defaults for whatever you are doing in GIS, whether it is the projection of your geospatial data or the location-based app on your phone.  Ask yourself, “What is the default–is my data public by default? Is my projection Web Mercator by default?  Can I override the default, and if so, how?  What is the best way to represent this spatial information?  Do I need to share this information?  If I need to share the information, how should I do it?”  and then act accordingly.   For more on this topic, I encourage you to read some of our short essays, such as Why Does a Calculator App need to know my location?, Making the Most of Our Personal Location Dataposting cat pictures and The Invasion of the Data Snatchers.

stravamap

A section of the Strava heat map, showing the results of people who have recorded and shared their fitness walks and runs.  As one might expect, city park and a high school track stand out as places where more people conduct these activities.  As with other maps showing locations where people are now or where they have been, location privacy concerns have been raised. 

Potential Harm to Rare Species from Location-Tagged Data

November 20, 2017 2 comments

In a new study from Yale University entitled “Unnatural Surveillance: How Online Data Is Putting Species at Risk,”  author Adam Welz sounds an alarm about harm that can come from the fact that location information is increasingly tied to data.  In the case of rare and endangered plants and animals, Welz points out that “poachers can use computers and smartphones to pinpoint the locations of rare and endangered species and then go nab them.”   The case highlighted in the article is one of a couple who had been illegally gathering rare African succulent plants after doing research on the location of the plants, and then illegally selling the plants through their own website.  In the past it may have taken perhaps an entire botanical career to gather information on this level of specificity, but “in 2015, a pair of poachers could acquire it in a short time from a desk on another continent.”  Unfortunately, this is not an isolated case, and Welz should know:  He has long focused on writing about and has extensive experience in international and African wildlife issues.

The author thoughtfully raises other ways, trends, and technologies that expose the location of protected species to those with other motives, such as the increased publishing of scientific research in open access journals, VHF radio signals from animal collars, the rise of citizen science, and even geotagged social media posts from tourists who photograph wildlife.  Welz recognizes the positive impact that the growth of data has had on research and on conservation in particular, but raises awareness of the real danger that location-tagged data can pose to the very things that many seek to study and protect.  As a member of the academic community, I have been working with open access journals for years, and I had not considered the potential misuse of this new publication avenue.

As a long-time member of another community–that of caving, I have for decades been sensitive to the related issue of publishing of cave locations, and the resulting harm that can and has  come from those entering caves without a permit and/or those who would seek to vandalize a cave.  I would love to see a researcher conduct further research on the geospatial implications of the points that Welz raises.   Lacking that, Welz’ article still provides an affirmation of one of our themes of this blog and our book:  What is important is what people do with the data.  Data can be used for good and for ill.  It is my hope that articles such as this raise awareness so that data and tool providers build safeguards that make it difficult for people who seek to use data for ill to access that data, while still moving toward the goals of open data access for enabling smart decisions.

canada_forest

A review of an article wherein Adam Welz sounds an alarm about harm that can come from the fact that location information is increasingly tied to data.