“The writing is on the wall that there will be baseline privacy legislation introduced,” said John Morris, general counsel for the Center for Democracy and Technology at a Congressional hearing on location data and privacy yesterday. “It will require location be treated as sensitive data, like medical data. You’ll need to do more than just post a disclosure statement.”
We’re entering an era of location as platform, but should that location data be as fundamentally private by default as medical information is?
Many users are concerned about their location being exposed in ways they don’t control, and that have adverse impacts on their safety and freedom. That’s one side of the debate. These concerns could cause the development of location-based services to backfire, argues the Center for Democracy and Technology’s Erica Newland in a blog post today:
Location privacy is a timely issue here at the dawn of the location-enabled Web: ensuring that location information is subject to neither commercial nor government misuse – but is instead transmitted and accessed in a privacy-protective way – is essential to the long-term success of location-based applications and services. Beyond the risks to individuals? privacy, the present lack of privacy protection also creates market risks for the very companies seeking to capitalize on location services.
That’s well put, but does location data need to be default private like medical information in order to prevent misuse, and to support an economy of innovation? Some people believe that it is the culture of sharing by default that makes location-based services what they are.
As writer Kit O’Connell said in our Google Buzz chat on this topic: “people will never treat location like medical data, because they are so willing to give it up to the world in so many cases. It becomes an issue of surveillance vs. sousveillance.” Sousveillance is outward-facing surveillance. Location-based social networks offer not just a way for us to be seen, but a way for us to see what the rest of the world around us is doing. Checking in to a location is interesting not just so other people know you’re there, but so you can see who else you know has been there as well and what they said about it.
Of course exposure of your location is going to be opt-in on all of these services, but the locations you choose to check in at ought to be public on some level so that interesting services can be built on top of them. See Gowalla’s new API, for example, or our post What Twitter’s New Geolocation API Makes Possible.
Of course it would also be good to let users limit exposure of their location in certain situations to certain circles of friends. I might be happy to check in at certain establishments if that was only made visible to a select group of my friends (not my family) and to other people checking in at that location, for example.
But treating location data like medical data sounds like a recipe for shrouding it in complete privacy by default. Not allowing information about our activities in public… to be public… would be a real blow to the location-service ecosystem.
Samuri on a Cell Phone photo credit: rumpleteaser.