It's official, after months of industry-wide hard work, CTIA - The Wireless AssociationTM approved best practices and guidelines for the new location-based services (LBS) increasingly available on wireless devices. See Best Practices and Guidelines for Location Based Services for a deeper dive. This publication comes out at a critical time because LBS services must be offered industry-wide in a responsible and considered manner, but at the same time under a commercially viable approach. The result was also important because the LBS space needed to show government officials and regulators (in addition to consumers for that matter) that it was pro-actively addressing privacy concerns vis-à-vis location usage, and that new regulations are not necessary at this juncture.
CTIA provided these best practices to the FCC and has requested that it be adopted as formal guidelines. The FCC previously had declined to adopt LBS rules. CTIA has said that the FCC should not dictate the "form, placement, manner of delivery or content notices" that LBS providers use to give notice. The main point should be that the notice"must not be misleading, and if combined with other terms or conditions, the LBS portion must be conspicuous," CTIA said. The FCC rejected CTIA's request for LBS rules in 2002, saying then that "commercial wireless location-based services are in a developmental stage and are just beginning to emerge."
The CTIA guidelines are based on proven, time-tested privacy principles such as the privacy guidelines published by the Organization for Economic Cooperation and Development in 1980 (that's right 1980, when Jimmy Carter was President and the Doobie Brothers won Record of the Year). As stated in the CTIA's press release, "[t]he hallmarks of the Guidelines are user notice and consent. The Guidelines place a premium on these two fundamental principles because it is the LBS user whose privacy is most at risk if location information is misused or disclosed without authorization. Notably, LBS providers must inform users about how their location information will be used, disclosed and protected so each user can make informed decisions whether or not to use the LBS or authorize disclosure."
So you might now be asking, does Loopt comply with these guidelines today and, if so, how?
1. Notice Guideline. "LBS Providers must inform LBS users about how their location information will be used, disclosed and protected so that a potential LBS user can make an informed decision whether or not to use the service or authorize the disclosure."
Loopt's Approach: Loopt provides several different notifications to subscribers about use of location information. First, prior to any location sharing with Loopt friends, subscribers are provided with express notification that Loopt uses the location of their mobile device to provide the Loopt Services. In addition, the Loopt Privacy Notice is always available on our Web site, and in the mobile application. Subscribers may also request delivery of a copy of the Privacy Notice and Terms of Use by email or even postal mail.
Once registered for Loopt, subscribers receive several SMS text message reminders that Loopt is sharing the location of their device with Loopt friends in accordance with privacy settings. The Loopt mobile application includes a persistent "visibility mode" icon that indicates whether the subscriber is currently sharing location or hiding location from all Loopt friends. Finally, prior to accepting any "friend request" subscribers are reminded to only create friendship connections with real-world, trusted friends.
2. Consent Guideline. "LBS Providers must obtain user consent before initiating an LBS or disclosing location information. The form of consent may vary with the type of service or other circumstances, but the LBS Provider bears the burden of establishing that informed consent has been obtained before initiating an LBS or disclosing location information."
Loopt's Approach: Loopt is 100% permission-based. We receive opt-in consent from each and every subscriber via our Web site or mobile-based registration. Each subscriber is required to accept and agree to Loopt's Terms of Use and Privacy Notice, and to separately acknowledge that Loopt shares location information in providing the service.
Subscribers may revoke Loopt consents on a number of levels - they are in complete control of location sharing at all times. Location sharing can be turned on or off for all friends or some friends by using the mobile application or Loopt Web site privacy settings, or by calling customer service. In addition, subscribers can always terminate individual friendship connections, or entirely delete their Loopt account any time. There are lots more details to Loopt's privacy regime, but these are the basics...
What else have we been up to?
Tech Policy Summit
I spoke on the Roundtable on Wireless Innovation last week at the Tech Policy Summit with the honorable CPUC Commissioner Rachelle Chong presiding and joined by esteemed fellow panelists Carolyn Brandon (CTIA), Michael Calabrese (New America Foundation), and Simon Wilkie (USC Center for Communication Law & Policy). I had the chance to discuss Loopt with a couple of cool policy-tech blogger dudes as well - National Journal, TPS: Getting To Know Loopt and Hey, Verizon! Where you at?
FTC's Town Hall Meeting. "Beyond Voice: Mapping the Mobile Marketplace"
We're also confirmed to participate on a panel regarding location-based services at this FTC Town Hall Meeting, during the afternoon of Tuesday, May 6, from approximately 1:30 PM - 2:30 PM. We appreciated the FTC's offer to participate, and look forward to continuing to develop and evolve LBS industry best practices in cooperation with such interested government entities, as well as other LBS companies, NGOs, and the like.
Questions, comments, ideas? Please holla! privacy@loopt.com.
Cheers, Brian (Chief Privacy Officer)
Feedback