Location privacy is increasingly becoming caught up in the larger discussion of internet privacy in the U.S. While not unexpected, it would be a mistake to include location privacy in the larger discussion without acknowledging some fundamental differences between location and other privacy concerns associated with the internet. For example:
- The concept of location privacy in a public setting is a new one. In the past we generally assumed that only two groups of people knew our location when we were in public: the people who saw us there and the people we told where we were going. In reality of course, the universe was much larger, as it included anyone that these people told. However, we often simply chose to ignore or forget this point. Today, we are coming to recognize that the potential size of the group that is "told" our location is the rest of the wired world. That may make many people uncomfortable - but does it rise to the level of an invasion of privacy from a legal standpoint? Also, those that argue that it is an invasion of privacy should be required to articulate exactly what constitutes the invasion of privacy and why: the collection of the data from the public place, the use of the data collected or the sharing of the data with third parties? Any attempt to regulate location privacy without a clear understanding of the differences between the three is likely to lead to legislation and regulation that is overly broad and result in unintended consequences.
- Location information is fundamentally different than other categories of information generally protected for privacy reasons, such as our credit card numbers, bank accounts or medical history. A person generally tries to protect against third parties obtaining the latter type of information unless they know exactly how it is going to be used. However, we give our location to strangers each time we go out into the public. An individual's location in public is also different from an individual's IP addresses or a record of the websites they have visited, as people don't generally disclose this information to others. As a result, it would be impractical - as well as inconsistent - to try and regulate location information in the same way as these other types of more personal information.
- Location data is just now being used to provide a growing number of critical governmental, societal and business services. The number and value of these services are increasing daily. Attempting to regulate the collection of location data without a full understanding of the technology and its vast potential could have a number of unintended consequences, including limiting the development of a number of critical governmental services. Such opportunity costs should be fully understood and explored before regulating location from a privacy standpoint. In addition, any such legislation should be narrowly tailored so as not to inhibit further growth of this important technology.
This is not to suggest that there are no privacy concerns associated with location. For example, there are legitimate concerns about protecting consumer’s location privacy against such threats as so-called “cyberstalking”. In addition, there are legitimate Fourth Amendment concerns associated with how the U.S. government collects location information, particularly over an extended period of time. However, experience suggests that trying to address such specific concerns in internet privacy legislation that already promises to be broad and far reaching will make things overly complicated and is unlikely to achieve the desired results. A better alternative would be to design specific legislation to address such concerns, such as making cyberstalking a crime.
Location is becoming an increasingly important and misunderstood component of our daily lives. As a result, it is not surprising that there are increased calls by politicians for the need to regulate the geolocation industry. However before attempting to address concerns over location privacy, it is critical to both fully understand the technology (and its benefits) and to identify which privacy concerns are legitimate. Attempting to regulate geolocation before doing so would be a mistake.