
No Place to Hide?

Compliance & Contractual Issues in the Use of Location-Aware Technologies

Francoise Gilbert

© 2008 IT Law Group – All Rights Reserved

Today’s radio and cellular phone technologies do much more than provide the tools for placing and receiving phone calls or checking one’s mail while at the local coffee shop. Alerts and notifications in the form of text or voice messages reach us on our cellular phones and other handheld devices. Reminders and updates about upcoming flights are sent to the traveler’s phone or Blackberry. So are stock or news updates.

While these applications take advantage of cellular phones and other wireless technologies, they are not location aware. The airline will inform the passenger of a delay in his flight in the same manner, and at the same time, whether the passenger is riding in a taxi to the airport or still negotiating a deal in a conference room.

Radio frequencies, telephone communications, and global positioning systems may be used to send dynamic data to and about moving individuals or moving objects. Car GPS systems have saved many stranded taxi drivers. EZPass and FasTrak RFID toll tags are shortening the wait at toll lanes of state-owned toll bridges, tunnels, and expressways.

The collected information may be combined with other data before the results of the query or processing are transmitted to the end user. For example, with little effort, a salesperson may be able to display on his telephone a map that shows those company clients that are located within walking distance of the café from which he is making the query while sipping his latte. The device has identified the location of the salesperson’s phone, interrogated the company’s database of clients, and selected those whose physical address was within a set distance from the location of the café.

The ability to obtain the location of an individual with some certainty and precision has opened the door to new uses of radio, telecommunication, and satellite technologies. The use of these technologies raises numerous legal and other issues, from privacy to quality and accuracy of the information collected or provided, to liability for unwanted interception of the data that is transmitted wirelessly. After describing common uses of these technologies, this article explores selected legal issues raised by the use of these technologies and provides suggestions for contract terms in agreements for services associated with location aware technologies.

Location-Aware Technologies

Providing information to individuals based on where they are located or tracking people or objects typically requires radio frequency, cellular phone identification, or global positioning obtained from satellites. Several technologies are currently used.

RFID

RFID, or radio frequency identification devices, are minuscule microchips attached to an antenna that can receive and transmit location and other information by means of radio waves. Most RFID tags have ranges up to 35 feet. RFID tags enable an individual item to be given a unique identifier number instead of a product code.

Many of us use an EZPass tag or similar device to automatically pay toll fees for access to tunnels, bridges, and expressways. Subway systems, such as the London Tube, use smart cards equipped with RFID tags as part of their payment systems to speed up the payment of subway fares by passengers.

Manufacturing and supply chain management companies use RFID tags to identify parts to be assembled together. Airports use RFID tags to track passenger baggage. Warehouses and distribution companies may use RFID on pallets to track goods between warehouses and stores. Wal-Mart, for example, recently required its providers to attach RFID tags to pallets of goods to be delivered to its stores. Once installed, the RFID tag may be used for inventory control.

RFID tags are also often used for fraud prevention. The RFID tag triggers an alarm when the item is taken out of a defined perimeter. Longs Drugs, for example, has equipped all of its shopping carts with RFID tags so that the cartwheels are blocked if the customer attempts to take the cart out of the store area.

RFID tags are beginning to be used for identification and to monitor people or livestock. Some schools have attempted to use RFID tags to track kindergartners and prevent them from wandering to areas where they cannot be supervised. Some clinics are using similar devices with Alzheimer’s patients. If the signal indicates that the patient might be walking outside the clinic, the medical staff could quickly find the patient and prevent any harmful escape from the protected area.

RFID technology is also used in some proximity cards used to give access to buildings or other protected areas. Instead of swiping a card in a reader, a company employee simply waves his wallet in front of the reader.

Cell-ID Positioning Technology

When we use our cellular phones, our ability to make a call is related to the proximity of a tower that captures our message and transfers it to the identified recipient. In urban areas, towers are relatively close to each other. The tower is able to identify the individual’s phone by using cell-ID positioning technology. After comparing the strength of signals received from several towers, the system is able to determine the approximate coordinates of a cellular phone.

Location information obtained from the position of a cellular phone is essential to allow communications between callers. In addition, it can be used, for example, for marketing and sales purposes. Companies are designing advertising messages that fit the size of the screen of a cell phone. They use location-based service providers to target advertising messages at mobile phones that enter a particular area within close proximity of the store where they are having a promotion. For example, while walking on Fifth Avenue in New York, a shopper might be alerted through a text message on her cellular phone that Sak’s is offering a 30 percent discount in its designer shoe department for the next hour.

Global Positioning Systems; Geographic Information Systems

Global positioning systems (or GPS) use location information transmitted by satellite. The precision of the information provided by a GPS equipped device is now less than a few yards. More sophisticated systems use real time kinematics (RTK) GPS, which is able to ensure positioning within less than a few inches.

We are familiar with the use of GPS systems in government and military applications. Years ago, the Gulf War showed us, live, how the military was able to identify a target with an amazing precision. Nowadays, many non-military vehicles, telephones, and other handheld devices are equipped with GPS technology. Geographic information systems (GIS) and tools that use GPS are not just for mapmakers, navigators, or military analytics anymore. These technologies are becoming strategic components in a surprisingly diverse array of industries, from construction and trucking to marketing and health care1.

GPS navigation systems, installed in cars or incorporated in phones and handheld devices, allow drivers to receive directions. They can also place queries for the closest restaurants, hotels, banks, or railroad stations. Moreover, companies use GIS to monitor their fleet and rearrange routes based on traffic or weather. Certain cities have equipped the local police with GPS and GIS and related software technologies to identify police cars and dispatch crews or emergency vehicles that are located closest to the site of a crime for increased efficiency.

BENEFITS FROM USE OF RFID, GPS, AND LOCATION INFORMATION

The use of RFID, telecommunication, and satellites to locate people or goods brings numerous benefits to society. These systems help us be more efficient and save us the time that would otherwise be needed to consult the yellow pages or read a map. We have the convenience of immediate access to information, such as directions, traffic information, or restaurant location. EZPass provides the ease of crossing the Golden Gate Bridge without scrambling for change.

GPS and RFID also contribute to better security. In-car GPS makes navigation more predictable, especially when combined with traffic information and suggestions for alternative routes to get around a blocked intersection. GPS provides access to more accurate location information. This is extremely useful in providing timely help in case of an emergency.

RFID-based proximity cards provide greater security for buildings, while granting the authorized users easy access to the area.

Location information may be used as evidence. If a crime is committed, individuals can be implicated or cleared based on location information. As a consequence, the availability of location information increases accountability. See, for example, the effect of the use of radars to detect speeding when this use is combined with the immediate issuance of a speeding ticket to the owner of the car. A user’s knowledge that someone can see his or her every move may prevent him or her from taking part in a criminal activity. This, in turn, brings more safety and security to society.

CONCERNS ABOUT THE USE OF LOCATION AWARE TECHNOLOGIES

With benefits come concerns and other issues, such as privacy, eavesdropping, stalking, or invasive advertising.

PRIVACY

Technologies that use location information require the collection of the coordinates of machines, equipment, and individuals. Consequently, one of the most important issues related to location aware technologies such as RFID or GPS is privacy. Both are (or have the potential to be) more invasive than other wireless technologies. Privacy concerns arise from the possibility that the data collected through the RFID tag or the GPS transponder may be combined with other data, such as customer credit card information.

Cell-ID and GPS are usually attached to a particular device. Typically, the identity of the owner or user of that device is known or recorded, which allows identifying the location information of the device with that of its owner. Most RFID tags can collect no other information than the location of a product. However, if the product information is combined with data that identifies a specific individual, such as credit card or loyalty card information, then the combined data is likely to contain personal data.

RE-USES OF PERSONAL INFORMATION

Whether or not RFID tags collect information, they can be combined with other tools that do collect or contain personal information, such as loyalty cards or driver’s licenses. Once the information is collected, the store or other data collector may want to reuse the information.

RFID tags enable locating a person’s position inside a building and associating it with a database. A customer who returns to a store wearing or carrying a product (e.g., a T-shirt or a loyalty card) that contains a tag could be identified in the aisle and recognized. Targeted marketing or advertising materials could be presented to her. RFID tags that are not deactivated, disabled, or removed at the point of sale or issuance have the potential to allow the continued tracking of the customer when the customer returns to the store, goes to other stores in the chain, or encounters anyone equipped with an RFID tag reader.

The results of searches and queries made through use of location-based services could also be collected and compiled to create customer profiles and identify purchasing preferences and interests. These profiles could be used for marketing and advertising other products to encourage additional purchases of similar or related products.

SNOOPING AND EAVESDROPPING

Access to travel patterns or other queries might also give rise to snooping or monitoring of individuals by vendors or employers. Others may fraudulently attempt to access the information. A criminal might install an RFID reader near a store exit and use the RFID tags to read and collect personally identifiable information.

LACK OF CONTROL

Many individuals are not aware of the existence of products bearing RFID tags. Nor do they suspect that the so-convenient location-based services with travel or direction information may be recording their travel patterns. Without the proper safeguards, personal information may be collected without the user’s consent. As a result, individuals cannot control whether information is collected or who has access to the location information and other information, whether for direct uses or for secondary uses.

SECURITY

Once the information is collected, it can be stored in databases. As recent events have demonstrated, many databases are vulnerable to hackers, disgruntled employees, and other breaches of security that cause data spills. When a breach of security occurs, there is a risk that the information collected will be accessed by unauthorized third parties. Personal information could be misused.

ERRORS AND TECHNOLOGY GLITCHES

Errors and technology glitches could result in spoilage of the data and incorrect results. Inaccurate information could be collected. Products could be charged to the wrong customer. Wrong directions could be provided, causing vehicles to be lost or end up in a ravine. Access to classified information or to protected areas or buildings could be given to the wrong visitor. The wrong person might be held liable for a crime or fraud.

MISUSES OF THE INFORMATION

To the extent that RFID, GIS, and other location-based applications would contribute to creation of databases of personal information, the loss of, or unauthorized access to this information could have dramatic consequences. This could include stalking and other crimes. If there is other value for this information, pretexting might be used to obtain the information for unrelated purposes.

PRIVACY LEGAL ISSUES

The Communications Act of 1934, as amended, regulates telecommunications carriers. Section 222 of the Communications Act provides that every telecommunications carrier has a duty to protect the confidentiality of proprietary information of customers. In addition, § 222 prohibits the secondary use of information obtained from another carrier for purposes of providing telephone service and prohibits the use of this information for the company’s own marketing efforts.

In April 2007, the US Federal Communications Commission (FCC) revised its privacy rules for customer proprietary network information (CPNI). The order places tighter restrictions on telecommunications companies regarding the release of customer records. Carriers will now be required to obtain explicit (opt-in) consent from a customer before disclosing a customer’s CPNI to a carrier’s joint venture partners or independent contractors for the purpose of marketing communications-related services to that customer. In addition, carriers may not release customer records unless the customer provides a password. Otherwise, the records may be sent to the address of record or provided by the telecom company calling the telephone number of record. Companies are also required to inform customers about changes made to their accounts and must obtain customer consent before sharing data with a third party.

LOCATION INFORMATION

There is no specific regulation for location information or location based services. A bill introduced in 2001, the Location Privacy Protection Act of 2001, did not pass the committee level. The Location Privacy Protection Act of 2001 would have required wireless service providers to notify their customers when collecting location information that can be gleaned by homing in on the signal transmitted by wireless devices and would have required that wireless service providers obtain consent from customers before harvesting their location information.

The wireless industry has developed consent-based guidelines for the development of wireless advertising. The FCC turned down the request by the wireless industry to adopt location information privacy rules. These rules were based on the privacy principles of notice, consent, security, and integrity of consumer data.

RFID

There is also little regulation of privacy issues in the use of RFID devices. Bills are introduced periodically to address the subject. In the first quarter of 2007, HB 1031 was introduced in the House. The bill would require parties to obtain consent from consumers before using RFID to collect, maintain, and disclose information about them.

States have been actively looking at privacy issues in the use of RFID. In 2006, at least two states passed RFID laws, and 17 states introduced RFID bills. New Hampshire’s HB 1738 prohibits the use of RFID to identify ownership of a vehicle or the identity of a vehicle’s occupant, while Wisconsin’s AB 290 prohibits any individual from forcing another to undergo the implanting of an RFID chip in that person’s body. California passed a law that related to the use of RFID in driver’s licenses, but the Governor vetoed it.

The 2007 legislative year has also seen numerous proposals appear before state legislatures. In Washington, for example, the proposed Electronic Bill of Rights would ban the use of RFID in retail settings in Washington state.

In California, six bills were pending as of April 2007. SB 28 would prohibit the use of RFID in driver’s licenses; SB 29 would prohibit the use of RFID for monitoring students (e.g., recording the attendance of pupils in school); SB 30 would prohibit the use of RFID in identification documents; SB 31 would criminalize the remote reading of RFID on identification documents without the knowledge or consent of the person and punish these offenses with a prison term of up to one year and a fine of up to $5,000. In addition, SB 362 would prohibit any individual from forcing another to undergo the implanting of an RFID chip in that person’s body, and SB 388 would require any person that sells, furnishes, or issues a card or an item that contains RFID to provide specified information to the recipient.

It is clear that there is great interest in these issues. As a result, it is likely that there will be an increased interest in regulating the field, in particular if there is pressure from the states.

SECURITY LEGAL ISSUES

The use of RFID and location information creates numerous security concerns to ensure the protection of personal or sensitive information. The scope of security breach disclosure laws currently in effect is too narrow to apply to most potential data spills in databases of information collected through RFID, wireless, or GIS technologies. The crux of most security breach disclosure laws is the protection of Social Security numbers, driver’s license, and credit card information. While the disclosure requirement would allow identification of some spills, it would leave uncovered many other data losses.

Some states, such as California, have enacted laws that require use of specific security measures. Similar to the security breach disclosure laws, these laws tend to focus on specific types of information that would not include location information.

COMMERCIAL CONTRACTS

Commercial contracts related to the provision of location-based services are likely to have complex structures because numerous entities might be involved. These entities could include, for example:

1. Telco (ATT, Verizon);

2. Advertising company;

3. Support (maps);

4. Information provider (e.g., traffic information, weather forecast);

5. Optimization technology service (mapping technology, fleet management technology); and

6. Search engines.

HANDLING PERSONAL INFORMATION

A great majority of location-based offerings use a person’s location to provide the requested services. The major concern of most individuals with respect to location-based services and the use of location information is with privacy. Laws, regulations, and industry practices are also creating pressure for companies to address data protection issues. The parties should negotiate provisions for the collection and protection of data. For example, will the device have the ability to collect personal information? Will performance of the service give the service provider the opportunity to view or access personal information? If personal information is available, what limitations should there be to collection, use, re-use, retention, or destruction of the information? If the service provider has direct contact with individuals, what information should be given to these individuals? What notice should be provided to individuals about the collection, use, or secondary uses of their information?

Collection of Information

The parties should define what personal information the service provider needs in order to provide the service. For example, to provide map information to the salesperson looking to organize his sales call, the mapping company might need the nature of the query and the geographic location of the device. The service provider would not need to know who placed the query, from which device the request was placed (other than, perhaps the operating system), or to have the actual phone number of the salesperson’s device where he will receive the map. When the minimum necessary for the provision of the service is identified, the contract would limit the collection of information and access to that information to that which is specified by the client.
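One way to enforce this collection limit technically, shown as an added example that is not part of the original article: a gateway on the client's side forwards only an allow-listed set of fields to the mapping provider and replaces the phone number with a one-time reply token. The class, field names, sample request, and the 300-second routing lifetime are all assumptions made for illustration.

```python
import secrets
import time

# Fields the contract lets the mapping provider receive (assumed names):
# the query, the device location, and at most the operating system.
ALLOWED_FIELDS = ("query", "lat", "lon", "os")

# Assumed lifetime of the token-to-phone routing entry, in seconds.
ROUTING_TTL_SECONDS = 300

# Constructed sample request as the handset might send it to the carrier.
SAMPLE_REQUEST = {
    "subscriber_name": "A. Example",
    "phone_number": "+1-555-0100",
    "device_id": "constructed-device-id",
    "os": "ExampleOS 1.0",
    "query": "clients within walking distance",
    "lat": 37.7936,
    "lon": -122.3958,
}


class MinimizingGateway:
    """Hypothetical component between the carrier and the mapping provider."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock, so expiry can be tested
        self._routes = {}        # reply_token -> (phone_number, expiry_time)

    def outbound(self, device_request):
        """Build the payload the provider may see; identity stays local."""
        required = {"query", "lat", "lon", "phone_number"}
        missing = required - device_request.keys()
        if missing:
            raise ValueError("request is missing: " + ", ".join(sorted(missing)))

        # Random token: the provider can return a map for it, but cannot
        # derive the subscriber or the phone number from it.
        token = secrets.token_urlsafe(16)
        expiry = self._now() + ROUTING_TTL_SECONDS
        self._routes[token] = (device_request["phone_number"], expiry)

        # Allow-list, not deny-list: new fields added upstream are dropped
        # by default instead of leaking to the provider.
        payload = {k: device_request[k] for k in ALLOWED_FIELDS
                   if k in device_request}
        payload["reply_token"] = token
        return payload

    def route_reply(self, reply_token):
        """Resolve a token to its phone number once, then forget the link."""
        self.purge_expired()
        entry = self._routes.pop(reply_token, None)
        if entry is None:
            raise KeyError("unknown, used, or expired reply token")
        return entry[0]

    def purge_expired(self):
        """Delete routing entries past their lifetime; return how many."""
        now = self._now()
        expired = [t for t, (_, exp) in self._routes.items() if exp <= now]
        for token in expired:
            del self._routes[token]
        return len(expired)


if __name__ == "__main__":
    gateway = MinimizingGateway()
    sent = gateway.outbound(SAMPLE_REQUEST)
    print("provider sees:", sorted(sent))
    print("reply goes to:", gateway.route_reply(sent["reply_token"]))
```

The provider's copy of the request contains no name, phone number, or device identifier, and the only link back to the subscriber is deleted on delivery or after the routing lifetime, whichever comes first.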

Limitation to Use of the Data

When addressing limitations to the use of the data necessary for the provision of the service or the data created as a result of the use of the service, it might be necessary or appropriate to distinguish between different categories of data. While personal information related to billing, invoicing, or account numbers might need to flow freely (although with appropriate restraints to avoid the disclosure of credit card numbers), the location information might be subject to more restrictions. Thus confidentiality, security, and other clauses that relate to the handling, use, protection, and dissemination of information might need to use granularity and different requirements depending on the nature of the information to be protected.

Quality and Data Integrity

The client will wish to ensure the quality and accuracy of the information collected. Quality of the information is essential to ensure the quality of the services. It is also crucial for providing the needed help in case of an emergency. The parties should require that those who collect, create, maintain, use, disclose, or distribute location information ensure that the information is accurate and complete for the purpose of the contract. Otherwise, under the garbage-in garbage-out principle, the service will furnish inaccurate results. The wrong person will be charged for a product purchase; the wrong route will be displayed on the map, and the ambulance will arrive too late to save the stroke patient.

Confidentiality and Security

Adequate security measures should be required to ensure the protection of the personal and other information. Recent events have shown that databases and computer systems are vulnerable to numerous types of attacks. When data is accessed, the individuals or institutions to which the data pertain are at a higher risk of harm. Since several organizations may access or transmit personal or confidential data, the risk of losing or misplacing information grows exponentially. Those who collect or hold the information must make sure that the information is kept secure. Each entity involved in the provision of the service should be required to take appropriate confidentiality and security measures, including an obligation to require their subcontractors to implement the same measures.

Protecting the confidentiality and security of the personal data and company data collected should be a crucial component of any contract associated with the provision of location-based services. The contract should define what security measures are to be used in order to protect the location information and the personal information to which the other company may receive access. The measures to be taken should be designed to prevent unauthorized use, access, disclosure, or alteration. The contract clause(s) should provide specific and detailed information, such as:

1. Who may have access to the location information;

2. What restrictions will be placed on organizations that handle location information; and

3. What should be done to ensure the protection of personal or sensitive information at each stage of the contract.

The parties may need to tailor the security measures to the nature and type of information collected or used. The measures should take into account that information stored on RFID tags and other devices might also be vulnerable to outsiders. Anyone with a suitable reader can scan an RFID tag unless adequate measures have been taken to protect the information. Thus, the information on the tags would require encryption or similar security measures to prevent attacks after the product or customer has left the perimeter of the store or facilities.

Data Retention and Destruction

There is a high risk in preserving certain data, such as personal data, longer than necessary to fulfill the services required and comply with legal requirements. The parties should evaluate the appropriateness, utility, and risk of preserving the information longer (e.g., e-discovery issues). Retention of information should be limited to the period reasonably needed to complete the transaction required by the customer. Longer retention periods may be necessary in certain cases, such as for credit card transactions, consistent with rules set by the credit card companies such as VISA or MasterCard.

Remember, as well, that data stored may have to be destroyed. What are the service provider’s data retention and destruction practices? Awareness of, and compliance with the provisions of the recent e-discovery amendments to the Federal Rules of Civil Procedure should also be ensured. Consider provisions for appropriate data retention or destruction and cooperation in handling discovery requests.

Rights of Individuals; Access and Modification

Since location-based services use, collect, or process a lot of personal information, the parties may consider discussing whether individuals (data subjects) will be granted the ability to access the information collected, such as account, transaction, or contact information. Also consider providing individuals with the right to make changes to this information, including changes to marketing permissions. If this right of access and modification is granted, then the companies should have adequate processes or mechanisms to allow individuals access to their information and provide them a report of the collected information. Methods for verification of the identity of those who have access to the information would have to be implemented to reduce the risk of unauthorized access to personal or confidential data.

Limitations to Use and Re-Use of Information

As always, personal information, purchasing patterns, travel schedules, and the like are of great interest to advertisers. The parties to location-based services should discuss whether any of the entities involved might have access to the data subjects’ contact information and profiles. For those who have access to this information, clear guidelines should be set forth about the ability or not to use or re-use the personal information other than to fulfill the contract.

This information is crucial because it has to be cross-referenced with several other documents, such as the privacy policy of the entity that enrolls the customer. It also needs to be consistent with each of the service and subcontractor agreements so that discrepancies and unexpected data leaks or misuses are avoided.

CONTENT

Some location-based services rely on third-party content. For example, a phone company may offer customers the latest movie show times. It may display restaurant locations on maps. This content may not be used or displayed without the appropriate license. As part of the pre-contract due diligence, the entity that will use this content to provide the services should verify the service provider’s ability to license and distribute the content for the contemplated purposes. The analysis should include, for example, questions as to the content and scope of the licenses. Do the company’s existing licenses apply to the range of new services to be offered? Does a license for distribution via the Internet also include a license for distribution via handheld device?

Other questions would need to be raised. What content will be provided to the customer’s personnel or clients? What criteria will apply to quality, such as the completeness and accuracy of the maps being used? What updates will be provided? How frequently will modifications or corrections be made?

TECHNICAL ISSUES

In addition to privacy and content issues, the use of GIS and GPS raises numerous technical issues. While the technical teams must first resolve them, these issues also need to be reflected in the related services agreements.

Accuracy

There should be a clear understanding of the technical capabilities of the system, particularly with respect to accuracy of the data. For example, if a delivery truck must deliver packages to several businesses located next door to each other on a street, will the system be able to analyze the GPS data with sufficient precision to ensure accuracy of reporting? Will the deliveries to Starbucks coffee shop be mixed with those of Noah’s Bagel, whose store is adjacent?

Integration

Another potential challenge is integration. The companies may face challenges when integrating applications based on GPS or GIS with each other and with other applications that must send or receive geospatial data. The product functionalities and the representations and warranties made or received should accurately reflect the understanding and expectations of the parties.

Image Resolution

There might be concerns about the quality of the images. There may be circumstances when getting two sets of GPS coordinates to match can be difficult because available maps from different service providers may provide different granularity of image resolution. The shortcomings of the technologies or underlying products should be explained clearly to the customer, and the contract provisions or exhibits should state these issues and limits.

Availability and Response Times

If an application requires access to certain databases, the continued availability of the database for the life of the contract should be part of the terms and conditions of the contract. There might be a similar need to specify the speed of access and response times, and to ensure proper commitments from the database or technology provider.

Cellular Coverage

Since these applications may require the use of cellular networks, there should be proper cellular network coverage. While GPS receivers can usually receive GPS signals from satellites, they may not always be able to relay the information to the company’s head office because of deficiencies in the cellular network.

USE OF SUBCONTRACTORS

Contracts for services rely in great part on the quality of the service provider. An individual or an organization will retain a particular service provider for its reputation and the quality of its work or services. In many cases, the customer has conducted a thorough due diligence before choosing one vendor. To ensure that quality standards are maintained, the services agreements should discuss the use of subcontractors and define restrictions on their use. Consider, for example, the obligations to ensure confidentiality and security of personal and other confidential data or the restriction on the uses or reuses of data.

COMPLIANCE WITH APPLICABLE LAWS

A party to a manufacturing agreement or supply agreement may wish to specify in the agreement whether the deliverable will contain any radio frequency device. If RFID tags are used, the purchaser would need appropriate warranties and representations that the equipment will comply with the applicable FCC requirements.

LIABILITY

The information and data to be handled might be highly sensitive. There might be issues with content, and the technologies might have shortcomings. As a result, it is important that the parties agree on the appropriate allocation of liability for errors, delays, or system unavailability. Consider, for example:

  • Who should be liable for errors in the collection of the data or the failure to record incoming data (e.g., the location data, the identity of the data subject) properly?
  • Who should be liable for providing inaccurate measures?
  • Who should be liable for errors caused by technology glitches that allow data to be accessed by the wrong person?

EMPLOYMENT ISSUES

RFID tags used in proximity cards to access buildings allow employers to have a precise record of employees’ entry and exit from the company’s premises. When offices are on several floors of a building or several buildings on a campus, the readers placed in different locations can provide a clear description of the wandering of personnel, how much time they spend in the cafeteria, or outside their own work area.

Numerous location-based services applications pertain to the use of fleets and the dispatch of vehicles. When location-based services are used in fleet tracking, employers also have an opportunity to follow their employees throughout the day. This might cover not only activities on behalf of the company but also personal errands, which would be conducted during the lunch or other mandatory breaks.

As a result, companies may find themselves in possession of personal details of their employees that might be totally unrelated to their jobs. For example, what if the delivery truck stops most of the time for lunch in front of the same liquor store? What should be done with this information and how can it be discarded from the system?

POLICIES AND PROCEDURES

Companies should consider setting guidelines and policies for the management of records from truck routes obtained as part of their use of the company fleet tracking system to ensure a balance between the legitimate need of the company to collect information about fleet location or employee location in order to ensure efficiency, and the need to avoid snooping on employees’ personal lives. The policies may define the specific purposes of collection of information and determine how long to keep the location information. The policies should also ensure respect for people’s personal life and ensure that inaccuracies in reported location do not adversely affect the individual being monitored. Appropriate training should be provided with the rollout of the guidelines.

EMPLOYEE MANUALS AND EMPLOYEE CONSENTS

In addition to the creation of policies, companies should update their employee manuals and employee agreements to reflect the changes in the company practices. The company should provide written notice to its personnel that tracking technologies are used in delivery trucks or handheld devices and explain the intended purpose of tracking the vehicle (not the employee) for fleet management purposes.

Moreover, the company should inform personnel that by using the company’s tools the employee agrees to the monitoring and understands that personal information as to his or her whereabouts will be collected. The personnel should be clearly and conspicuously reminded that employees have no privacy with respect to their use of the company’s assets (e.g., the truck) and that their activities will be monitored through the use of the GPS or RFID devices. Employees’ consent to the use of the tracking technology should be obtained.

Example of the French Rule

France’s Data Protection Authority, the CNIL, recently issued regulations for the collection and use of information collected from tracking vehicles [2]. This rule may serve as an example of best practices for the implementation of internal policies by US companies.

The French rule allows companies to track company-owned vehicles, but establishes restrictions. French companies that use satellite-based tracking devices to track vehicles driven by their employees must limit the scope of their monitoring programs and the retention of the data. GPS-based tracking systems may be used only to ensure the safety of employees, customers, or merchandise during transit operations and to improve the efficiency of vehicle fleet management. The use must be limited to working hours (excluding lunch hours and official breaks). Use is acceptable only when other forms of ensuring security and efficiency objectives are unavailable. Further, the information collected must not be used to track employees’ driving habits, such as compliance with the speed limit.

In addition, the French rule requires that employers inform employees of all geo-localization programs. To take into account that vehicles and other devices might be used outside of company time (e.g., during a lunch break), the rule requires that the devices be programmed to allow employees to manually turn off the tracking system in company-owned vehicles. The French rule also requires that data from geo-localization should not be stored for more than 2 months (with some possibility of retaining some data for up to one year).

B2C CONTRACTS

When individuals purchase location-based services, such as directions, traffic information, or mapping to locate nearby stores, the related contracts should address many of the issues already described above with respect to the quality of the service and the reliability of the data. In addition, the contract must address privacy concerns of the customer. The exchange of location information may raise more concerns to individuals than sharing other data, such as their name or phone number. Thus, special attention should be given to the protection of the location data.

USER’S CHOICE

For the service to occur, the service provider needs the ability to locate the client. The cell phone or GPS transponder must be active. Nevertheless, at other times, when customers do not need the service, they may wish to turn off the location capability. Cellular phones can easily be turned off. In a car or other machine equipped with a GPS, the user may wish to deactivate the GPS transponder without shutting down the engine. The same issue arises for RFID tags, such as those that come with EZPass or FasTrak. Is there an off/on switch? Does the device, once attached to a car windshield, keep transmitting radio frequencies at all times?

The service provider should take into account customers’ right or need to be left alone. To this end, product documentation, brochures, and terms of use should inform purchasers of the ability to switch off the transmittal of information. Device manufacturers might also consider delivering equipment that includes wireless or GPS devices with the broadcasting function turned off with appropriate instruction on how to turn on or shut down the wireless capability so that the customer does not unintentionally broadcast location information. In a related area—WIFI—California recently enacted a law that requires manufacturers of wireless computer network equipment used in small offices and homes to include a warning on the product about how consumers can secure their networks [3].

PRIVACY

Privacy and the use of personal data are of great concern to many individuals. To address privacy concerns, the service provider should use a privacy statement to notify users that the devices or service may be collecting information. In the United States, this may be a best practice since most US laws do not require privacy statements. Elsewhere, providing a notice of privacy practices may be required by law, for example, under the European Union data protection laws.

In the privacy statement, the company would disclose what type of personal data will be needed and collected (e.g., identity, phone number, location) and the purposes for which the data will be used (e.g., searches, tracking).

Individuals might wish to be informed, as well, when information about their location is generated and how this information is generated. Since location information appears to be more sensitive than other types of personal information, the contract (and the related technology) may provide for ways that the customer would give his or her consent to the collection of location information and ways to turn off the transponder.

The user may also be offered choices regarding management and use of information. This would include the ability to access and edit permissions. The customer could define which disclosures are permitted and when the company may share data with third parties.

The protection of the collected data is of equal importance. How long will the data be retained? The 2002 European Union Directive on E-Communications Privacy, to be implemented by the EU member states, for example, requires that location data be retained only for a limited time. When data are retained, what security will be used to ensure that the data are not exposed to unwanted disclosure, access, or modification?

The privacy statement or terms of service should also address marketing issues. There should be a clear notice that data (traffic data, location data, and non-contact information, such as prior searches) might be disclosed to third parties for marketing purposes. The customer should be given the choice to prevent or agree to these disclosures.

PRIVACY STATEMENT

Recently, TRUSTe worked with the telecom industry to outline the content of a privacy statement that would conform to the Fair Information Practices that have been recommended by the Federal Trade Commission and other organizations, such as the California Privacy Office. The proposed content of a privacy statement in the context of wireless services would include:

  • Name of organization
  • What information the wireless service provider collects
  • Personally identifiable information
  • Unique mobile device identifier
  • Location information
  • What information is collected by or through a third party
  • How the Wireless Service Provider uses the information
  • Secondary uses of the personal information
  • Secondary uses of the location information
  • With whom the information is shared
  • What choices are available to the consumer regarding the collection, use, and distribution of the personal information collected by the Wireless Service Provider
  • What types of security measures are in place to protect from the loss, misuse, or alteration of personal information collected by the Wireless Service Provider
  • How the consumer may access the information and correct any inaccuracy
  • Whether location information is retained beyond the time period reasonably needed to complete the transaction requested by the customer.

TECHNOLOGICAL CONSTRAINTS

There are practical obstacles to the use of comprehensive privacy statements. One cannot post a full-length privacy statement on an RFID chip or a telephone screen. Companies have been scratching their heads to find appropriate ways to deliver privacy notices and options adapted to the wireless devices. Typical handheld devices are tiny and use small screens. They may also have limited power.

It is not possible to deliver privacy information in the ways traditionally used with a desktop or laptop computer. Alternatives would include providing a full privacy statement in locations where the individuals can access them easily, for example, at a store or online or by delivery through the mails. A summary notice of the privacy statement, with a cross-reference to a URL or brochure, might be able to address the size and other constraints.

If the transaction is conducted on a wireless device, the company may opt to deliver a short privacy notice that informs customers of the existence of the privacy statement, and directs them to another location where the full-length privacy statement may be available for review in its entirety. The company should deliver the full privacy statement as soon as practical in an appropriate medium, for example, through postal mail or email. For those devices that are equipped with viewing technology that is based on optimized protocols using a proxy server between the device and the content source (e.g., WAP technology), it may be possible to add a privacy option and link the privacy button to the URL of the statement.

If the transaction is conducted online, but not on a wireless device, the service provider may provide a link to the site where the full privacy statement is located. If the transaction is conducted offline, the service provider could deliver the full privacy statement separately, include it in the service contract, or include a clear and conspicuous statement in the product or service brochure that the full privacy statement is available by asking an associate.

ADVERTISING AND MARKETING

With the recent changes to the FCC regulations, companies that want to take advantage of location information for marketing and advertising may need to take additional precautions. In addition to the new FCC restrictions, companies must comply with several other laws before taking advantage of location information in connection with advertising and marketing.

TELEPHONE CONSUMER PROTECTION ACT

Messages that encourage the sale or purchase of a service are subject to the Telephone Consumer Protection Act (TCPA). The TCPA prohibits the use of auto-dialers to make sales calls to cell phone numbers. Companies cannot make sales calls to numbers registered on the do-not-call list. Thus, marketing and advertising messages can be sent only with prior express consent or if there is an established business relationship.

CAN SPAM ACT

Even after having established a business relationship, the company must ensure that messages comply with the CAN SPAM Act. CAN SPAM regulates electronic messages, not just emails. Text messages are also subject to the rules. The FCC has issued a rule under CAN SPAM to regulate messages sent through Internet-to-phone technology, that is, messages sent to a cell phone but with an Internet address, for example, cellphonenumber@verizon.net.

Messages sent using the Internet-to-phone technology are subject to stricter regulations than emails sent to an email address. First, they must comply with the special requirements for text messages, which are different from email. CAN SPAM requires “prior express authorization” before a text message can be sent, which can be given orally or in writing. In addition, the authorization request must include the following disclosures:

  • That the subscriber is agreeing to receive mobile service commercial messages sent to his wireless device from a particular sender;
  • That the subscriber may be charged by his wireless service provider in connection with the receipt of these messages; and
  • That the subscriber may revoke his authorization at any time.

In addition to these special rules, promotional or commercial text messages must also comply with the general requirements under CAN SPAM. That is, commercial messages must identify the company and include an opt-out mechanism, which must function for at least 30 days. If the consumer elects to unsubscribe from receiving additional messages, the company must stop sending any other promotional messages within 10 days.

ADVERTISING TO CHILDREN

When contemplating the use of RFID and GPS devices with messages that might reach children, companies should also review the specific laws and industry standards, such as CARU advertising guidelines, that are intended to protect children’s privacy and curb certain advertising practices that might be too aggressive for youngsters.

CONCLUSION

RFID, GPS, and GIS are creating new opportunities for companies: better information, more accountability, better product management, and new ways to advertise. It is very exciting to think about all of these new possibilities and imagine how to take advantage of these new tools. With these additional capabilities come numerous restraints and constraints created by laws, regulations, best practices, and technology limitations. Contracts, policies, and procedures need to be changed to adapt to these new technologies. Failure to do so could expose companies to numerous risks, compliance problems, and liability for defective products.

 

_________________________

1. Computerworld, Apr. 2, 2007, at 26.

2. Norme Simplifiee No. 51-Deliberation No. 2006-066/067 of Mar. 16, 2006. See, e.g., http://www.cnil.fr/fileadmin/documents/approfondir/dossier/geolocalisation/Guide-geolocalisation.pdf.

3. By October 1, 2007, manufacturers of wireless computer network equipment used in small offices and homes must include a warning on their products to inform consumers how they can secure their networks against outside users who piggyback on their connections. Notification must be provided in one of four ways: (1) apply a temporary sticker warning over the ports of a device; (2) include a warning in the configuration process of the installation of a device; (3) protect the device from use until the customer takes steps to secure the network; or (4) provide other protections that would be enabled before the equipment could be used without an affirmative act of the consumer.

 
