New studies highlight the user risks associated with round-the-clock tracking activity carried out by mobile and Wi-Fi companies
The vast majority of British citizens are being tracked day and night through their mobile devices, and are at risk of being targeted by criminals if this location data should fall into the wrong hands, say privacy campaigners.
Separate reports from Krowdthink and the Open Rights Group, both published on campaign website OptMeOutOfLocation.com, claim that mobile and Wi-Fi operators track users’ movements around the clock and store this information for marketing purposes or sell it onto third parties.
Network firms argue that their actions comply with the Data Protection Act and the Privacy of Electronic Communications Regulations, and that they follow guidance from the Information Commissioner on the storage and use of tracking data.
Big Data risks
They add that such data is anonymised, meaning it can’t immediately be used to identify individuals. Anonymisation also means that they aren’t legally obliged to ask for customers’ consent to use it.
However, both groups argue current law may not be fit for purpose when it comes to protecting consumers from the risks associated with “Big Data” analysis.
They argue that the protection offered by anonymisation is questionable as uch data could, in some cases, be de-anonymised simply by cross-referencing it with other information such as the electoral roll.
“It appears that in some cases the data is not fully anonymised and should remain classed as personal information requiring consent for reuse,” the Open Rights Group said in its study.
Lower level of protection
While health data is seen as highly private, location data is nearly as personal but doesn’t currently have the same level of protection, added Krowdthink. Pointing out the damage to users caused by recent data breaches, the firm suggested something similar could occur with location data.
“We dread to consider the consequences in another 2 to 5 years of large-scale data hacks of the UK’s entire population movements,” it said.
Such data can reveal sensitive details such as gender, sexual orientation and religion, and information such as when they are not at home and when children leave home or school, exposing individuals to risks if the information should be obtained by criminals.
“Your mobile and Wi-Fi service providers know – without you knowing – where you are, how you got there and can figure out where you are going,” said Krowdthink founder Geoff Revill.
Right to opt out
Customers do have a legal right to opt out of location tracking for marketing purposes, and the European General Data Protection Regulation set to come into effect this spring will give them the right to demand that their data is deleted, the firms pointed out.
They are campaigning for mobile and Wi-Fi companies to be more up-front about location tracking and to make it more straightforward for customers to opt out.
The groups pointed out that users can also turn off wireless Internet when they are not using it to avoid disclosing their location to nearby hotspots, which often register a user’s location even if they do not log in.
“The law needs to change and data regulators like the ICO need to step and take action to protect citizens,” the Open Rights Group stated. “We urge companies to recognise that this is about more than compliance with the minimum legal requirements. Companies who want to succeed in the Big Data age need to put consent at the heart of their relationship with customers.”
Are you a security pro? Try our quiz!