Given the interest in location data, I have compiled some information on this. In particular, the subject is considered in the context of the Directive on Privacy and Electronic Communications 2002/58/EC. If you would like to comment on this, please email me. The page was last updated December 2005.

- What is Location Data?

Location data is defined under Art. 2(c) of the Directive on Privacy and Electronic Communications 2002/58/EC (abbreviated DPEC) as 'any data processed in an electronic communications network, indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service.' Terminal equipment here covers computers, PDAs and telephones (mobile or landline).

More specifically, Art. 9 of the DPEC states that:

- Where location data other than traffic data, relating to users or subscribers of public communications networks or publicly available electronic communications services, can be processed, such data may only be processed when they are made anonymous, or with the consent of the users or subscribers to the extent and for the duration necessary for the provision of a value added service. The service provider must inform the users or subscribers, prior to obtaining their consent, of the type of location data other than traffic data which will be processed, of the purposes and duration of the processing and whether the data will be transmitted to a third party for the purpose of providing the value added service. Users or subscribers shall be given the possibility to withdraw their consent for the processing of location data other than traffic data at any time.
- Where consent of the users or subscribers has been obtained for the processing of location data other than traffic data, the user or subscriber must continue to have the possibility, using a simple means and free of charge, of temporarily refusing the processing of such data for each connection to the network or for each transmission of a communication.
- Processing of location data other than traffic data in accordance with paragraphs 1 and 2 must be restricted to persons acting under the authority of the provider of the public communications network or publicly available communications service or of the third party providing the value added service, and must be restricted to what is necessary for the purposes of providing the value added service.

Recital 18 of DPEC provides that 'value added services may, for example, consist of advice on least expensive tariff packages, route guidance, traffic information, weather forecasts and tourist information.'

Traffic Data is defined under Art. 2(b) of DPEC as 'any data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof.'

Art. 6 of DPEC provides that:

- Traffic data relating to subscribers and users processed and stored by the provider of a public communications network or publicly available electronic communications service must be erased or made anonymous when it is no longer needed for the purpose of the transmission of a communication without prejudice to paragraphs 2, 3 and 5 of this Article and Article 15(1).
- Traffic data necessary for the purposes of subscriber billing and interconnection payments may be processed. Such processing is permissible only up to the end of the period during which the bill may lawfully be challenged or payment pursued.
- For the purpose of marketing electronic communications services or for the provision of value added services, the provider of a publicly available electronic communications service may process the data referred to in paragraph 1 to the extent and for the duration necessary for such services or marketing, if the subscriber or user to whom the data relate has given his/her consent. Users or subscribers shall be given the possibility to withdraw their consent for the processing of traffic data at any time.
- The service provider must inform the subscriber or user of the types of traffic data which are processed and of the duration of such processing for the purposes mentioned in paragraph 2 and, prior to obtaining consent, for the purposes mentioned in paragraph 3.
- Processing of traffic data, in accordance with paragraphs 1, 2, 3 and 4, must be restricted to persons acting under the authority of providers of the public communications networks and publicly available electronic communications services handling billing or traffic management, customer enquiries, fraud detection, marketing electronic communications services or providing a value added service, and must be restricted to what is necessary for the purposes of such activities.
- Paragraphs 1, 2, 3 and 5 shall apply without prejudice to the possibility for competent bodies to be informed of traffic data in conformity with applicable legislation with a view to settling disputes, in particular interconnection or billing disputes.

Some countries within the European Union have implemented DPEC (see below).

- Links

Here are links to the relevant articles on this subject.

Articles

- Linda Ackerman, James Kempf, Toshio Miki, Wireless Location Privacy: Law and Policy in the U.S., EU and Japan, ISOC Member Briefing #15, November 2003 - provides an overview of location data.
- Brad Smith, GPS-based Games Raise Privacy Concerns, Wireless Week, September 1, 2003
- Schilit, B., et al., Wireless location privacy protection, IEEE Computer, Dec. 2003, pp. 135-137, Volume 36, Issue 12
- Mark Crichard, Privacy and electronic communications, Computer Law & Security Report, Volume 19, Issue 4, July 2003, Pages 299-303

Other

- Art. 29 Data Protection Working Party