Spatial Law and Policy Update (July 25, 2016)

LEGAL DISCIPLINES

Privacy/Data Protection/Cybersecurity

Pokémon Go has revealed a new battleground for virtual privacy  (Business Insider)

EPIC Ask FTC to Investigate Privacy Risks of Pokemon GO  (EPIC)

Digital toxic waste (or why metadata shouldn’t live forever)  (TechCrunch) Location data is considered metadata in many organizations. 

New iPhone app maps concealed carry permit holders  (Guns.com)

Zipcar Can Now Track How Many People See Its Rolling Ad Campaign in Seattle and D.C.  (AdWeek) " Wrapify uses telemetry data from the car to track drivers' real-time location on a map, and pairs it with anonymized data from other sources to understand how many cars nearby see the message"

Data Quality/Errors

Faking 'Pokémon GO' GPS Location Using iPhone Jailbreak App  (Forbes)

Licensing/Intellectual Property Rights

Government

    Spatial Data Infrastructure/Open Data

    We Want to Hear from You: What Is the Value of Open Data for Developing Economies?  (GovLab)

    NYC Open Data Progress Report  

    Meta-data retention, de-anonymising the Census, de-funding the OAIC & delaying the OGP  

    

    Public Safety/Law Enforcement/National Security

    Federal judge tosses drug evidence because DEA didn't get warrant for 'StingRay' cellphone tracking  (ABA Journal)

TECHNOLOGY PLATFORMS

GNSS

Belton woman accused of DWI with child in car, blames GPS for crash  (WacoTrib)

UAVs

Utah Votes to Let Authorities Disable Drones Near Wildfires  (ABC News)

Flying an unregistered drone in Ghana could send you to jail for 30 years  (Quartz)

The rise of the drones: Do the draft DGCA guidelines balance caution and freedom?  (The News Minute)

Internet of Things/Smart Grid/Intelligent Transportation Systems

Regulator: Tesla crash shouldn't hinder self-driving research (engadget)

China bans highway testing of autonomous cars pending regulation  (Automotive News)

Remote Sensing

Commercial Space Needs Regulatory Clarity  (Breaking Defense)

DigitalGlobe says WorldView-2 operational after “debris causing event” (SpaceNews)

Crowdsourcing

Crowdsourcing Story Maps and Privacy  

MISCELLANEOUS

Baidu uses millions of users’ location data to make predictions  (New Scientist)

Spatial Law and Policy UAV Update (December 4, 2014)

Each week the Centre for Spatial Law and Policy prepares an update for its members. The following are UAV-related links from the past week.

Spy balloons give police new view of Jerusalem  (AP)

Source: FAA will require Commercial Drone Operators to Have a License, Fly in Daylight  (Directions)

Privacy, data protection and ethical risks in civil RPAS operations - Final Report  

Legal framework for UAV operations in Canada  (Dronologista)

Rules For Drones  (TechCrunch)

Senators Demanding Action On Drones Is Too Little Too Late  (Forbes)

State registry for commercial drones on hold  (Daily Astorian)

Spatial Law and Policy Update - Location Privacy

Each week the Centre for Spatial Law and Policy prepares an update for its members. The following are location privacy-related links from the past week.

3 NY GOP assemblymen sign on to bill to bar use of GPS devices to track people  (DailyNews)

Canada Privacy Law Hampered Intelligence Sharing  (WSJ)

New York Senator Proposes Legislation to Outlaw GPS Tracking   (kfpk)

Revealed: how Whisper app tracks ‘anonymous’ users  (The Guardian)

Whisper’s Privacy Problem: Sen. Rockefeller Pushes for Probe While Editorial Team Is Suspended Pending Review  (PoGo was right)

Spatial Law and Policy Update (October 8, 2014)

Privacy

Exclusive: Hundreds Of Devices Hidden Inside New York City Phone Booths  (BuzzFeed)

New York City Shuts Down Unauthorized Sensors  (WSJ) A follow up to the link above. Geo organizations can learn a great deal from this matter. 

'God View': Uber Allegedly Stalked Users For Party-Goers' Viewing Pleasure (Updated)  (Forbes) As I mentioned to someone recently, I am increasingly convinced that geolocation privacy laws are going to arise due to acts of the non-traditional geospatial community, will have much broader ramifications than anticipated which will go largely unnoticed until too late.

 Licensing

Creative Commons Letter  "Together, we agreed that licenses alone will not achieve our dream of greater access to knowledge and culture worldwide. Laws must change too." 

Data Quality

Map error hastened Napoleon’s Waterloo defeat  (The Telegraph) "We compared the printed map used on the battlefield with the original handdrawn one it was copied from,” Mr Ferrand said. “We realised it was a printing error". 

Government

      

    Public Safety/Law Enforcement/National Security

    The brand new „No-Spy-Decree“ – Consequences for Public Contracts with Foreign Undertakings  (TaylorWessing) The law "requires a guarantee that at the time of the submission of the offer they do not face any legal obligation to disclose confidential information, business or trade secrecies to foreign intelligence services. If disclosure obligations arise after the conclusion of the public contract, the supplier is obliged to inform the contracting authority that he will not be able to comply with the no spy obligation."

    Tech companies say NSA spying harms competitiveness  (USA Today) See above. 

    Taiwan Close to Completion of their Own Map for the South China Sea  (ASM) Maps can serve a variety of purposes.

Technology Platforms

UAVs

CBP Complies With Privacy Laws For UAS Surveillance, Audit Finds (HS Today)

Finally, Here's Every Organization Allowed to Fly Drones in the US  (MotherBoard)

Use of UAVs for Commercial Purposes in U.S.: Privacy Measures  (Spatial Law and Policy Blog)

America can’t lead the world in innovation if the FAA keeps dragging its feet on drone rules  (Washington Post) 

Shooting Your Neighbor's Drone May Be Illegal—And It May Not  (ReadWrite)

Internet of Things/Smart Grid/Intelligent Transportation Systems

National Highway Traffic Safety Administration Considers Privacy Implications for New Vehicle-to-Vehicle Technology  (Data Privacy Monitor)

Connected Cars – legal issues and hurdles!  (IPT Italy Blog)

Geolocation Privacy and the Smart Grid: Department of Energy's Proposed Voluntary Code of Conduct  (Spatial Law and Policy Blog)

Space-based Remote Sensing

The U.S. and India Sign a Collaboration Agreement for Earth Observation and Mars Exploration (Sensors & Systems)

Japan Launches Next-generation Weather Satellite  (SpaceNews)

China, Venezuela To Collaborate on New Earth Observing Satellite  (SpaceNews) 

Crowdsourcing

Missing Maps: nothing less than a human genome project for cities  (The Guardian)

Google’s Waze announces government data exchange program with 10 initial partners  (TNW) I have been saying for a while that the geo-ecosystem is increasingly one in which industry, government and the "crowd" are both data providers and data users, often at the same time. This is another example. What this means from a legal/policy standpoint is that a law/regulation that impacts one segment will likely impact the other segments as well. Many (most?) lawmakers are unaware of this unique aspect of geospatial community. 

Miscellaneous

Emerging Technology and Existing Law: Can Geofencing Provide Radio Webcasters a Workaround of Digital Performance Royalties?  An interesting article on the impact that geo can have on existing legal constructs.

Upcoming Programs

GEOGRAPHY2050  (November 19, 2014, New York, New York)

Use of UAVs for Commercial Purposes in U.S.: Privacy Measures

Now that the Federal Aviation Administration (FAA) has begun to allow UAVs to be used for commercial purposes in the U.S. (albeit for limited purposes) one should expect there to be increased attention paid to the potential privacy concerns. That is why I found reports of a recent Government Accountability Office’s (GAO) audit of the U.S. Customs and Border Protection’s (CBP) privacy practice with respect to its use of UAVs to be of value.  In its presentation, the GAO reported that the CBP had developed appropriate procedures to protect civil liberties and privacy. While commercial operators are subject to different laws and policies than U.S. government agencies, the GAO audit is instructive as to some of the measures operators should consider as they begin to use UAVs for commercial purposes. 

The GAO noted that the CBP primarily operated UAVs only within the designated areas to help ensure that sensors “only capture images and information necessary for the authorized mission” The limited deviations outside of the designated areas were primarily due to weather and pilot error.

The GAO also found that the CBP took a number of measures to ensure that the imagery and radar data that was collected was properly secured, stored and disseminated. These measures included: (i) encrypting the transmission of UAV video; (ii)  restricting access to real-time video to authorized users; (iii) restricting disclosure of analytical products that contain UAV-obtained images; (iv) identifying sensitive information prior to disclosure; (v)  maintaining a log to track the dissemination of all analytical products that contain UAV-obtained images; and (vi)  handling UAV-obtained images that are to be used as evidence in accordance with rules of evidence.

The GAO noted that all CBP employees are required to complete annual training in privacy awareness, civil rights and civil liberties, ethics and the CBP Code of Conduct. In addition, law enforcement officers must take additional training focused on privacy, civil rights, and civil liberties issues related to the collection, processing and safeguarding of evidence.

UAVs are increasingly being seen as disruptive technology, causing lawmakers and regulators at both the federal and state level to take a hard look at means to protect privacy from overhead sensors. As a result, operators of UAVs should keep the measures cited above in mind as they begin commercial operations, particularly if they are working on behalf of government clients. (It is interesting to note that CBP apparently takes these measures even though its UAVs fly “primarily at an altitude between 19,000 and 28,000 feet, where the video images do not permit identification of individuals or license plates.”)  

What is Spatial Law and Why is it Important?

Last week (September 18, 2014) I had the opportunity to speak at the Yale University Information Society Project (ISP) "Ideas" Lunch.  A copy of my presentation, "What is Spatial Law and Why is it Important" can be found here.  

Recent Federal Trade Commission (FTC) Settlement Will Make It Harder to Collect and Share Geoinformation In US.

The Federal Trade Commission" (FTC) recently entered into a settlement (subject to final approval) that will have a significant impact on the entire geospatial community. The settlement, in connection with In re Goldenshores Technologies, LLC , involved the collection of "geolocation information" from a mobile device app.  Geolocation information is defined in the settlement documents as "precise geolocation data of an individual or mobile device, including but not limited to GPS-based, WiFi-based, or cell-based location information." [emphasis added]

Goldenshores Technologies, LLC  ("Goldenshores") developed “Brightest Flashlight Free,  a free, ad-supported app that enables the device to act as a flashlight. According to the FTC, the app transmits when running, or could transmit, the device’s “precise geolocation along with persistent device identifiers that can be used to track a user’s location over time” to third parties, including advertisers. The FTC alleged that the app collected (and shared) the device's location prior to obtaining the individual's permission and did not adequately disclose with whom the information was shared.  According to the FTC, such practices are prohibited under Section 5(a) of the FTC Act as "deceptive and unfair acts or practices in or affecting commerce".

The settlement states that  Goldenshores' apps must . . . " not collect, transmit, or allow the transmission of such [geolocation] information unless such application: 

A. Clearly and prominently, immediately prior to the initial collection of or
transmission of such information, and on a separate screen . . .  " states

1. That such application collects, transmits, or allows the transmission of,
geolocation information;

2. How geolocation information may be used;

3. Why such application is accessing geolocation information; and

4. The identity or specific categories of third parties that receive geolocation
information directly or indirectly from such application; and

B. Obtains affirmative express consent from the consumer to the transmission of
such information". [emphasis added]

The settlement only applies to mobile apps, however  its impact will be felt throughout the geopatial community. 

First, the FTC's definition of geolocation information to be protected is broad and imprecise.  For example, it includes location information collected from GPS, WiFi or cell towers.  Those familiar with geospatial technology will recognize that these technologies collect location in a number of applications and with varying degrees of precision. Also, it applies to location information collected on an individual or a mobile device. Moreover, the definition states that it includes, but is not limited to location information collected from those technologies. This suggests that other location-enabling technologies may also be subject to privacy scrutiny, which is important because the FTC has very broad enforcement powers. As a result of this broad definition, it will become increasingly difficult for a broad range of geospatial technology companies to determine if they need to include a privacy statement when collecting location information.

Second, the settlement states that before an app can transfer geolocation information collected from a mobile device to a third party, it must obtain "affirmative express consent" from an individual after providing proper notice. Such notice must include "[t]he identity or specific categories of third parties that receive geolocation information directly or indirectly from such application." 

Anyone following the geospatial community over the past few years knows that new markets and opportunities for location data are continuously developing. Many of these new opportunities rely on location data from mobile devices. In this environment, it will be very challenging to provide consumers proper notice as which third parties will receive the location data or how it will be used. As a result of the In re Goldenshores Technologies, LLC settlement, companies will need to go back and get consumer authorization each time they wish to change with whom they will share location information.  Alternatively, they may decide that this is cost prohibitive and decide not to enter into that market. 

The settlement should also result in both geospatial data providers and data users updating their terms of use and/or license agreements. In light of the settlement, users of geospatial data may consider obtaining a representation from a data provider that the data has been collected in a manner that adequately protects a consumer’ privacy and that the consumer has agreed to have it distributed for this particular purpose. Data providers may seek a covenant from customers that their geospatial data will not be aggregated with third party data in ways that will infringe upon consumer privacy.