Best Practices and Guidelines for Location Based Services 

Purpose
CTIA has developed these Best Practices and Guidelines (“Guidelines”) to promote and protect user privacy as new and exciting Location-Based Services (“LBS”) are developed and deployed. To achieve this goal, the Guidelines rely on two fundamental principles: user notice and consent.

  •  First, LBS Providers must inform users about how their location information will be used, disclosed and protected so that a user can make an informed decision whether or not to use the LBS or authorize disclosure.
  • Second, once a user has chosen to use an LBS, or authorized the disclosure of location information, he or she should have choices as to when or whether location information will be disclosed to third parties and should have the ability to revoke any such authorization.

These Guidelines are focused on the LBS user whose location information is used or disclosed. It is the LBS user whose privacy is most at risk if the location information is misused or disclosed without authorization. Thus, the Guidelines place a premium on user notice and control.

However, the Guidelines also recognize that in some circumstances such as child safety or business needs, a wireless carrier’s account holder rather than an authorized user on that account, may decide whether an LBS may be used at all or location disclosed to a third party. For example, a parent/account holder may want to subscribe to an LBS to know when a child/authorized user arrives at school or may want to block disclosure of a child/authorized user’s location information for safety reasons; or, an employer may need to subscribe to an LBS for its workforce where disclosure of continuous location information would be required for fleet management or service delivery.

The Guidelines are flexible enough to anticipate future LBS developments. The Guidelines apply regardless of the technology or mobile device used or the business model employed to provide services.

When using services from LBS Providers that have adopted these Guidelines, LBS users can have confidence that the privacy of their location information will be protected and used or disclosed only as described in LBS notices.

Applicability
These Guidelines apply to all LBS Providers. Not all parties in the LBS value chain are LBS Providers. A wireless carrier is not an LBS Provider when its account holder or authorized users on that account subscribe to or use a third party’s LBS without the direct involvement of the wireless carrier in providing the LBS.

Examples of LBS Providers:
1) A wireless carrier is an LBS Provider when it provides account holders or
    authorized users an enhanced 411 LBS to locate nearby businesses.

2) A wireless carrier that makes user location information available to third parties
    to support concierge-like services is an LBS Provider for purposes of the
    disclosure of location information, and the third party that makes the service
    available to end users likewise is an LBS Provider.

3) An entity that enables third party application providers to access location
    information from multiple wireless carriers (i.e., an aggregator) is not an LBS 
    Provider, but the wireless carriers and the third parties that make the services 
    available to end users are LBS Providers.

4) A wireless carrier that provides its users “on-deck” access to a mapping service
    enabled by third party software and service is an LBS Provider if it provides the 
    location information used by the third party; and the third party is an LBS
    Provider.

5) A third party that provides an LBS exclusively to its own customers—for
    example, through a downloaded application that relies solely on the device’s
    GPS capabilities—is an LBS Provider. The wireless carrier is not an LBS
    Provider, unless it makes available the location information—for example,
    through its network—to the third party to facilitate the service.
   
    Caveat: The examples are illustrative only and do not imply that compliance
    with the Guidelines alone permits such uses or services. The terms on which
    access to location information is made available from wireless carriers to third
    parties are beyond the scope of these Guidelines.

Scope of Coverage
The Guidelines cover location information where the LBS user is identified or his or her location information is linked to other personally identifiable information by the LBS Provider. The Guidelines do not apply to location information used or disclosed:

  • as authorized or required by applicable law (e.g., to respond to emergencies, E911, or legal process);
  • to protect the rights and property of LBS Providers, users or other providers of location information; and
  • for operation, testing or maintenance of any network or LBS.

Specific Guidelines

  • Notice
    The hallmark of these Guidelines is notice. LBS Providers must inform LBS users about how their location information will be used, disclosed and protected so that a potential LBS user can make an informed decision whether or not to use the service or authorize the disclosure.

    These Guidelines do not dictate the form, placement, manner of delivery or content of notices. LBS Providers may use written, electronic or oral notice so long as LBS users have an opportunity to be fully informed of the LBS Provider’s information practices. Any notice must be provided in plain language and be understandable. It must not be misleading, and if combined with other terms or conditions, the LBS portion must be conspicuous.

    Example: Wireless carriers that collect location information when they provide information services might choose to provide notice as part of a privacy notice on their Web page. The following sample is illustrative only:

    “When you use your mobile browser or enable other data services, we collect your location information. We use that information to provide you with any Location-Based Services that you have requested. We may also use your location information to create aggregate data from which your personally identifiable information has been removed or obscured. We do not retain location information longer than necessary to provide the service. We will not disclose your location information to third parties without your consent. You should carefully review the privacy policies of third parties with whom you have authorized the sharing of your location information, and you should understand the risks involved in disclosing your location information to friends or other people you may not know.”

    If the LBS Provider intends to use location information for any purpose other than providing the LBS itself, the notice should explain the other uses (e.g., the use of location information to create aggregate data for location-sensitive advertising). If the LBS Provider later wants to use location information for another purpose not disclosed in the original notice, the LBS Provider must provide the LBS user with further notice and an opportunity to consent to the use.

    LBS Providers should inform LBS users how long any location information will be retained, if at all.

    An LBS Provider that uses location information to create aggregate data by removing or permanently obscuring the user’s identity should provide notice of the use.

    Example: A wireless carrier could create a dataset of mobile Internet users registered in a particular geographic or coverage area by removing or “hashing” the personal identities of the users from the dataset so that third parties could provide location-sensitive advertisements or content to the anonymous group. While notice of this use is appropriate, the wireless carrier would not need to obtain the LBS user’s consent to create the aggregate dataset.


    LBS Providers that share location information with third parties must explain what information will be provided and to what types of third parties so that the LBS user can understand what risks may be associated with such disclosures.

    LBS Providers should inform users whether they may terminate the LBS, and what consequences arise from doing so. LBS Providers should explain any privacy options or controls available to LBS users to restrict use or disclosure of location information by or to others.

    Example: An LBS Provider that offers a social networking service might provide a mechanism for the LBS user to establish permissions for when, where and to whom his or her location information will be disclosed. The notice to the LBS user should include a statement to the effect:

    “You control when your location is shared with others. In “settings” on the menu, you can select contacts you wish to block or enable all the time, or you can select a manual option to review a list of contacts each time you disclose your location.”


    Depending on the nature and sensitivity of the LBS being provided, LBS Providers should periodically remind LBS users of their location privacy options. The timing and frequency of such notices depends on the nature of the LBS. For example, one would expect more reminders when the service involves frequent sharing of location information with third parties and fewer reminders, if any, when the service involves one-time, user-initiated concierge service calls (e.g., locating a nearby service).

    When two or more LBS Providers have a role in providing the LBS, the form of notice each provides to the LBS user will vary according to the type of LBS and who offers what service to the LBS end user. For example, a wireless carrier that makes location information available to third parties at the request of an authorized user would not be expected to include in its notice information about the third party LBS Provider’s use, disclosure or protection of the LBS user’s location information. Instead, the third party LBS Provider would be expected to provide such information in its notice to the LBS user.

    When a wireless carrier provides an LBS to a wireless carrier’s account holder as described in Section 4.B.2 below, the wireless carrier does not need to provide notice to the account holder’s users, but it is recommended that account holders inform their users that location information is being provided to or used by the account holder.
  • Consent
    1. Form of Consent
    LBS Providers must obtain user consent before initiating an LBS or disclosing location information. The form of consent may vary with the type of service or other circumstances, but the LBS Provider bears the burden of establishing that informed consent has been obtained before initiating an LBS or disclosing location information.

    These Guidelines do not dictate the form, placement, manner of collecting or content of consent as long as the consent is informed. LBS user consent may be implicit, such as when an LBS user requests a service based on his or her location. Or, an LBS user’s consent may be contained in the terms and conditions of service for an LBS to which an LBS user subscribes. An LBS user may manifest consent electronically by clicking "I accept"; verbally by authorizing the disclosure to a customer service representative; through an IVR system or any other system reasonably calculated to confirm the LBS user’s consent.

    2. Account Holder Consent
    In some cases, a wireless carrier’s account holder, instead of an LBS user, may initiate or subscribe to an LBS and provide the required consent.
    The following examples are illustrative:

    Example 1. Fleet Tracking/Employee Monitoring: The LBS Provider is a wireless carrier and its customer is a business entity purchasing x lines to permit tracking employee locations to provide for rapid response repair service, just-in-time delivery, or fleet management.

    Example 2. Public Safety: The LBS Provider enters into an agreement to provide monitoring compliance with terms of supervised release and house arrest, terms of bail for bondsmen, protecting public officials on duty, or military force movements.

    Example 3. Parental Controls: The LBS Provider offers a service to notify parents when a child arrives at or leaves a designated place.

    Example 4. Family Safety: The LBS Provider offers a family safety feature to locate family members in an emergency or other specified circumstances.


    3. Revocation of Consent
    LBS Providers must allow LBS users to revoke their prior consent to disclose location information to all or specified third parties. Where technically feasible, LBS Providers may provide for selective termination or restriction of individual LBS applications upon LBS user or wireless carrier account holder request.

    Constructive revocation or termination of an LBS user’s consent occurs when a wireless carrier’s account holder with authority over the LBS user’s service subsequently prohibits the use of an LBS or disclosure of location information.

    Example: User signs up with an LBS Provider for a service that requires User’s wireless carrier to periodically disclose User’s location information to LBS Provider. User is a minor and the mobile device is one of several on the account of the wireless carrier’s Account Holder who, through controls provided by the wireless carrier, has decided to block disclosure of User’s location information to third parties. The Account Holder’s election with the wireless carrier trumps User’s consent to the LBS Provider, and the consent constructively is deemed revoked.


    These Guidelines do not dictate terms of service that LBS Providers must offer to LBS users with regard to an LBS. Nor do the Guidelines dictate any technical implementation for terminating or restricting an LBS or authorization to disclose location information.
  • Safeguards
    1. Security of Location Information
    LBS Providers should employ reasonable administrative, physical and/or technical safeguards to protect a user’s location information from unauthorized access, alteration, destruction, use or disclosure. LBS Providers should use contractual measures when appropriate to protect the security, integrity and privacy of user location information.

    2. Retention and Storage of Location Information
    LBS Providers should retain user location information only as long as business needs require, and then must destroy or render unreadable such information on disposal. If it is necessary to retain location information for long-term use, where feasible, LBS Providers should convert location information to aggregate data.

    3. Reporting Abuse
    LBS Providers should provide a resource for users to report abuse and provide a process that can address that abuse in a timely manner.

    4. Compliance with Laws
    LBS Providers must comply with applicable laws regarding the use and disclosure of location information, and in particular, laws regarding the protection of minors. In addition, it is recommended that LBS Providers comply with applicable industry best practices and model codes.

    5. Education
    In addition to any notices required under these Guidelines, LBS Providers certifying under these Guidelines will work with CTIA in an education campaign to inform LBS users regarding the responsible use of LBS and the privacy and other risks associated with the disclosure of location information to unauthorized or unknown third parties.

    6. Compliance with Guidelines
    LBS Providers that comply with these Guidelines may self-certify such compliance by placing the following statement in their marketing or promotional materials:

    LBS Provider follows CTIA’s Best Practices and Guidelines for Location-Based Services.

Illustrative Annex
The purpose of this illustrative annex is to illustrate what an LBS user might expect under these Guidelines when two or more LBS Providers are involved in providing a location-based service. The Guidelines are flexible enough to permit an LBS Provider to meet them in a myriad of ways, so this Annex is merely illustrative, not a mandatory implementation. Under these Guidelines, an LBS Provider always bears the burden of demonstrating that an LBS user received sufficient notice to make an informed decision about whether to subscribe to an LBS or authorize disclosure of location information.

Illustration:
A wireless carrier provides its users with a wireless device having “on-deck” access to a mapping service enabled by third party software. The wireless carrier provides the user’s location information to the third party who in turn informs the user of services in the area.

Wireless Carrier
Wireless Carrier is an LBS Provider because it provides the location to the third party.

The Wireless Carrier should provide a notice to its account holder that:

  • the device is location-enabled
  • an authorized user may use a location application available “on deck” or the main menu
  • by initiating the service, the account holder authorizes the disclosure of the user’s location to the third party whenever the LBS is used
  • it may retain information regarding the user’s location and use of the LBS for as long as it has a business need
  • the user should review the application provider’s privacy policy to understand how it uses and protects location information
  • user should not initiate the service if he or she does not want to share location information with the third party application provider
  • See Section 4.A as an example

By purchasing the wireless service with location-enabled services, account holder agrees that wireless carrier may disclose a user’s location information to the third party application provider.

Application Provider
Application Provider is an LBS Provider because it receives location from a wireless carrier to provide an LBS to a mobile user.

The Application Provider should provide notice to the LBS user that:

  • user location is being collected in order to provide the service
  • the location information (will/will not) be disclosed to others
  • location information is retained only so long as necessary to provide the service (e.g., to provide the location of the nearest ATM to the LBS user’s location on the map)
  • aggregate location information may be created by removing or obscuring personally identifiable information
  • aggregate location information may be used to provide location-sensitive advertising
  • no further notices or reminders will be provided

User agrees to the terms and conditions governing the service.





