Two reports: They Know Where You Are (Krowdthink) and Cashing in on your mobile? (Open Rights Group) have examined the contracts, policies and practices of the mobile phone and Wi-Fi industry. Both reports highlight that consumers are unwittingly signing up to be location tracked 24/7 and that the highly sensitive data this generates is being used and sold on for commercial benefit. They conclude that consumers deserve to know and to not have their consent assumed.
· Key findings – mobile and Wi-Fi service providers:
o not telling customers upfront either in store at point of contract signature or online via their websites that all their movements will be tracked and historic location data will be used for marketing purposes and often sold to third parties;
o hiding in the detail of their contracts that customers can indeed opt out of location tracking as well as the marketing and sharing of related data; and not making clear the means to opt out;
o putting the customer communications focus on the need for location information to route calls and meet the requirements of government security legislation.
· The investigations also highlight that:
o Some public Wi-Fi service providers claim that they have to collect location data for security purposes, which is not the case as with mobile service providers;
o anonymisation of data is opaque and questionable as a personal data protection tool;
o unless customers know what to ask for when interrogating their mobile or Wi-Fi service providers about the location data they hold on them, they will never be any the wiser; and even when they do know, they don’t always get the information they have requested.
· Krowdthink and ORG have joined forces to launch https://optmeoutoflocation.com/ to encourage the British public to demand that mobile and Wi-Fi service providers are explicit about what they are asking their customers to opt into and provide clear choices for opting out. The campaign also offers guidance regarding minimising location tracking possibilities. · The reports follow a recent announcement by the Information Commissioner’s Office, the UK's independent body set up to uphold information rights, that Wi-Fi service providers must notify device users of the potential for their data to be analysed before they begin to process their information. It also coincides with the introduction of the new EU General Data Protection Regulations this Spring. These are designed to compel organisations to be more transparent about how they collate and handle people’s personal data. Companies who fail to follow the new rules could face huge fines.
