Yesterday a story about Apple’s unauthorised logging of timestamped location data on iPhones running iOS 4.x versions of the system software was published in several articles in technical and mainstream media worldwide. This is important, not only because of the ubiquity of location-based services available to consumers worldwide and the significance of location in safeguarding the privacy of individuals, but also because of the differences in legislation in different regions, the lack of transparency in the organisations that do gather data and the complete ignorance of those users whose data is being collected both with respect to the fact itself and the uses that they undergo.

When we first introduced AthensBook, in early 2009, we went through the ‘hassle’ of researching (with the assistance of a small legal team that advise us on legal issues) the whole topic of privacy and location in Greece and the European Union. We also observed what manufacturers, be it hardware or system software, do. To our surprise we realised the following:

• Manufacturers implicitly (and, in some cases, explicitly) ask for the users’ permission to use their location for one reason or another. Google, in its Android operating system, for example, asks for the user’s consent when he or she tries to enable Wifi/Cell-ID-based positioning. The message states that the service will anonymously gather data even when no applications make use of location services. This is Google’s way of maintaining and improving its cell triangulation and BSSID databases, important features of most modern smartphones that vastly accelerate the process positioning and, along with A-GPS, provide extremely accurate location data that would be impossible with off-line GPS devices of that size and power profile. There is no guarantee on what the company will do with the data, of course.
• People have no idea that this is happening, in most cases. We’ve had Android users ask us about the data AthensBook gathers from its users and seeming very concerned about their location being ‘sent’ to a remote server. Those same people were totally oblivious of the kind of data Google is gathering from their devices all the time, despite the fact that they agreed to it when they enabled location services on their phone.
• People are most likely to trust large corporations and be wary of smaller startups making use of location data, even if the latter have a published, clear and transparent privacy policy and terms of use.
• Even within the EU there are varying levels of legislative control over how location is classified and what can application service providers can do with it.

There seems to be widespread ignorance among the population about what their devices can do, what the companies that manufacture and sell them do with their data and what applications do. It is easy to agree to a long text titled ‘Terms of Use’ or ‘Privacy Policy’ without reading it, but most of the time people are totally clueless about their rights and whether they have voluntarily gave them up when they agreed to use Google’s or Apple’s latest and greatest gadget.
»