Joint Workshop on Mobile Web Privacy
Position Paper

Lukas Gundermann
Independent Centre for Privacy Protection Schleswig-Holstein, Germany
Düsternbrooker Weg 82
24105 Kiel, Germany
ld2@datenschutzzentrum.de
www.datenschutzzentrum.de


Introduction

The Independent Centre for Privacy Protection (Unabhängiges Landeszentrum für Datenschutz, ULD) is an official body responsible for privacy protection in Schleswig-Holstein, one of the 16 German states. It is headed by the Privacy Commissioner of Schleswig-Holstein, Dr. Helmut Bäumler. The ULD participates in national and international projects relating to privacy protection.

The workshop should help to find out which basic privacy functions must be implemented in the technical standards of the mobile web. In addition, suggestions for a legal framework should be given.


"Classic" traffic data

Since telecommunication techniques changed from analogue to digital, every communication process has produced a lot of traffic data as a side effect, such as: who called whom at which time? With the growth of the Internet the problem has increased, mainly because on the Internet traffic data contains additional information about the services customers use (e.g. which electronic newspaper and which articles a user reads, which virtual shopping malls he or she visits, what products he or she buys or only looks at). It is easy to use that data to create user profiles directly at the source of the information, on the web server.

In that situation it is important to minimise the volume of data necessary for an electronic communication process. Furthermore, it is essential to prevent unavoidable traffic data from being used to the disadvantage of the person concerned.


Location data as data of new quality

With the mobile web another type of data occurs: location data. The existence of location data is not a completely new phenomenon. It was known already before WAP as a technical feature of the GSM standard. With GSM the network has to know in which cell the user (or rather the mobile phone) currently is in order to provide the service at all.

We have to be aware that there is a lot of information in location data. Firstly, it indicates where a person was at a certain time and date. If that were applied to a great number of users it could serve to create a completely new kind of database. There would be the technical possibility not only to know where someone is registered (which is the case in Germany) but also where he or she was standing at a certain time. Since the mobile phone (or any future device) has to stand by to send and receive messages at any time, it has to contact the base network every minute or so and give information on its location. With this it would also be feasible to produce and store the pattern of movement of somebody over a longer period. It is not difficult to think of a lot of people, organisations and so on who would be interested in that.

Secondly, the location data contains particular information in connection with each telecommunication process. It can be considered as an additional category of traffic data. Now it also becomes known at what place a person was when he or she telephoned a certain number or looked for information on a web server.


Issues of the mobile web: More precise information and the danger of spreading it

The mobile web brings at least two major changes or problems. Firstly: With the new generation of services location data will be part of the service itself. The foreseen main usage is for the user’s convenience, e.g. being informed about shops, restaurants etc. in the surrounding area. Therefore it is no longer sufficient only to know the GSM cell. To serve this purpose, location information has to be much more precise than in the past. From a technical point of view that can be achieved. But at the same time location data becomes much more detailed and brings new threats to privacy. Now not only the part of the town will be known but also the street or even the number of the house the user is standing in front of with the mobile device switched on.

The second new issue of location data with regard to the mobile web relates to the question who exactly will process that data. As long as the telecommunication providers were the only ones to process the location data in the way mentioned above there was already the danger of misuse etc. But when so-called value added services are produced by a third party it could become necessary to transmit the location data to that party. As a consequence the risk for the user’s privacy will increase. In this case it becomes crucial to restrict the transfer of location data to the absolute minimum. Here it will be of special interest how the mobile web services will work on a technical level.


General recommendations for regulation: need for user’s consent

As to the type of mobile web applications serving the user’s convenience as mentioned above it is crucial from the privacy point of view that the service is only put to work if the user gives his or her clear and unambiguous consent. More problems arise when it comes to details. Is there a need for an opt-in for every part of the service? For example: Does the user have to give a new consent after travelling from Hamburg to Munich? Is there the possibility to give the consent only for one service (e.g. restaurants around) and not for another one (shops around)? In our opinion the user must at least have the possibility to change his or her mind every time the service is put to work. That could be implemented by giving him or her the opportunity to withdraw the consent at any time, for example by using a specific function on the mobile device.

Furthermore it has to be clear that the utilisation of any data collected while providing the service has to be strictly restricted to the original purpose. The use of the data for any different purposes is in principle only permitted if there is an opt in for that purpose by the user.

Another issue is the danger of profiling with its consequences such as misuse of the respective information. It is obvious that some of the services will only work when there is a profile of the user’s preferences. But as on the non-mobile Internet it is not always necessary to run a profile in a manner that it can be linked directly to the person whose data are at stake. For a great number of services it is completely sufficient to have only the technical option to make sure that the profile is always linkable to the same user, without a need to identify him or her. That can be managed by employing user names the users pick themselves or by other techniques of so-called identity management. In the near future there will be more sophisticated techniques available for that purpose.

Further points that must be kept in mind are the period for which the data is to be stored and the restrictions relating to the access of third parties. On the other hand the users must have access to their data. To make it easier for them there should be the possibility of online access.

Besides convenience services there are also others that seem more important and can at best be life-saving. As an example the telematics service in cars can be named. After noticing that the airbags have inflated, the on-board computer contacts the ambulance and gives the exact location of the vehicle.

Whereas the basic question of the need for consent seems to be hardly controversial with regard to the above so-called convenience services, that might be different when it comes to that second type of services. In that case, probably nobody would hesitate to apply for the use of the service. Here we have to watch very carefully what the terms of contract will be in particular. It certainly would be against any best practice if a user was forced to sign a contract that allowed the company to use the location data for any other purposes such as direct marketing. Besides that it would also be against the law, since such consent would not be given voluntarily.


Existing and future legal provisions

Already now it seems relatively clear that the provisions of both German and European law apply to location data as a subspecies of traffic data. But with a new initiative of the Commission of the European Communities there will remain no doubt. On 12th July 2000 the Commission published a proposal for a directive concerning the processing of personal data and the protection of privacy in the electronic communication sector. It is intended to replace directive 97/66/EC in order to concentrate and adapt provisions for both the classic telecommunication sector (to which the above mentioned old directive applies) and the Internet sector.

The proposal contains the definition of a new kind of data: location data. Article 9 rules that "these data may only be processed when they are made anonymous, or with the consent of the users or subscribers to the extent and for the duration necessary for the provision of a value added service." That comes close to the suggestions made above. But the provision also knows certain exceptions that have to be the subject of further discussion.


Conclusions

When developing techniques for mobile use of the web it is essential to leave control over location data to the user. Beyond the general question whether location data may be processed at all, the user should also be enabled to define the precision of location data and to choose the services and providers that are allowed to obtain it. The European Union and other law-making authorities should implement these principles in the respective legal provisions.
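The principles argued for in this paper (per-service opt-in that can be withdrawn at any time, user-chosen precision of location data, and a profile that is linkable to the same user without identifying him or her) as an added illustration on the device side; this is example code, not part of the paper or of any product it mentions. The precision levels, the device-held secret and the per-service HMAC pseudonym are assumptions of this illustration.

```python
import hashlib
import hmac

# Precision levels a user may grant, expressed as the number of decimal places
# kept in WGS84 coordinates (assumed mapping; roughly 1 -> ~10 km,
# 2 -> ~1 km, 3 -> ~100 m, 4 -> ~10 m at European latitudes).
PRECISION = {"city": 1, "district": 2, "street": 3, "house": 4}


class LocationConsent:
    """Per-user consent record: which service may get location data, and how precise."""

    def __init__(self, pseudonym_secret: bytes):
        # Secret generated and held on the mobile device; it never leaves it
        # (assumption of this example), so nobody else can recompute pseudonyms.
        self._secret = pseudonym_secret
        self._grants = {}  # service name -> granted precision level

    def grant(self, service: str, precision: str) -> None:
        """Opt in for one service only, at a precision the user chooses."""
        if precision not in PRECISION:
            raise ValueError(f"unknown precision level {precision!r}")
        self._grants[service] = precision

    def withdraw(self, service: str) -> None:
        """Withdraw consent at any time, e.g. via a function on the device."""
        self._grants.pop(service, None)

    def pseudonym(self, service: str) -> str:
        # Stable for one service, so it can keep a profile for "the same user"
        # without learning who that is; other services get unlinkable values.
        mac = hmac.new(self._secret, service.encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()[:16]

    def release(self, service: str, lat: float, lon: float):
        """Return (pseudonym, coarsened lat, coarsened lon), or None without consent."""
        level = self._grants.get(service)
        if level is None:
            return None  # data minimisation: nothing leaves the device
        places = PRECISION[level]
        return (self.pseudonym(service), round(lat, places), round(lon, places))


def demo():
    """Walk through grant, coarsened release and withdrawal (constructed sample)."""
    consent = LocationConsent(b"constructed-device-secret")
    consent.grant("restaurants", "district")
    lat, lon = 54.32331, 10.13941  # constructed coordinates in Kiel, not a real address
    before = consent.release("restaurants", lat, lon)  # district-level only
    consent.withdraw("restaurants")
    after = consent.release("restaurants", lat, lon)  # None after withdrawal
    return before, after
```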