Privacy Law and Policy Reporter
International Working Group on Data Protection in Telecommunications
Provided below is an outline of the Common Position on Privacy and Location Information in Mobile Communications services adopted by the International Working Group on Data Protection in Telecommunications (IWGDPT, sometimes called the ‘Berlin Group’) on 16 February 2001. The paper was adopted at the 29th meeting of the Working Group in Bangalore, India. The Working Group was initiated by data protection Commissioners from different countries in order to improve privacy and data protection in telecommunications and media. The group has met more than twice a year since 1990, alternating between Berlin, where the secretariat is based, and other cities. This was the second time the group has met in Asia, the first being Hong Kong in 1998 — General Editor.
Location information has been processed in mobile communications networks from the very beginning of mobile telephony. As long as this information was only generated and used for establishing a connection to the mobile device, location information resided only with the operators of telecommunications networks which, in most countries, are bound by strict telecommunications secrecy. The precision of the location depended on the size of the respective cells in the cellular networks.
Partly driven by legal obligations to make more precise information about the location of a mobile device available for emergency services, network operators have started to modify the technical infrastructure of their networks to conform with these obligations. This means that much more precise information about the location of any mobile device will be available in the near future. Equipment manufacturers claim that even today a precision of up to five metres is technically feasible when using GPS-assisted systems. At the same time, it is envisaged that the developing mobile electronic commerce will lead to the creation of a wealth of new services based on knowledge about the precise location of the user. However, these services will most likely not only be provided by telecoms operators, but by third parties which are not legally bound by the restrictions of telecommunications secrecy.
The enhanced precision of location information and its availability to parties other than the operators of mobile telecommunications networks create unprecedented threats to the privacy of the users of mobile devices linked to telecommunications networks. The Working Group therefore deems it necessary that the technology for locating mobile devices is designed to be as little invasive to privacy as possible.
The following principles should be observed.
1. The design and selection of technical devices to be used for such services must be oriented to the goal of collecting, processing and using either no personal data at all or as few data as possible.
2. Precise location information should not be generated in the first place as a standard feature of the service, but only ‘on demand’ when it is needed to provide a certain service linked to the location of the user’s device.
3. The user must remain in full control on whether precise location inform-ation is generated in the network. In this respect, solutions can be found in the use of the handset, where the creation of precise location inform-ation is initiated by the mobile device. This would seem to offer a better degree of privacy than network based solutions, where location information is generated as a standard feature and the user’s choice is limited to the question of whether it will be communicated to third parties.
4. Users should be able to disable the precise location determination at any time without disconnecting their device from the network. Users should also be able to disclose their location information at a chosen level of precision (for example, building, street, city or state).
5. Location information should only be made available to providers of value added services where the user has given informed consent. Consent may be restricted to a single transaction or certain providers of value added services. The user must also be able to access, correct and delete his or her preference data in cases where the preferences of the user are not stored on the mobile device, but within the network.
6. The creation of movement profiles by telecommunications service providers and providers of value added services should be strictly forbidden by law unless where necessary for the provision of a certain service and based on the user’s informed, unambiguous consent.
7. Location data is a highly sensitive category of information. Access, use and disclosure of such information should be subject to the same or similar controls as for content data protected by telecommunications secrecy. The Working Group refers to its common position on public accountability in relation to intercept-ion of private communications (Hong Kong, 15 April 1998; <http://www.datenschutzberlin.de/doc/int/iwgdpt/inter_en.htm> ).
8. Wherever possible, mobile network operators should not communicate location data together with personally identifiable information about the user to providers of value added services. Instead, pseudonymous information should be used. Personally identifiable information (for example the ID of the mobile device) should only be made available to providers of value added services with the user’s informed consent. Any location data should be deleted when no longer necessary for the provision of the service.
9. A provider must not make the rendering of a service or the terms of the service conditional upon the consent of the user to the effect that his or her personal localisation data may be processed where such data are not necessary for the provision of the service.