Location-Based Marketing and Services and GPS

Location-Based Marketing and Services and GPS

While the issues associated with E-911 are being ironed out, there is another category of location-based information that is less defensible: E-411. Unofficially, E-411 is the use of location information about wireless device users to tailor target marketing. The theory behind location-based marketing is that users can have instant access to information about opportunities around them: movie theaters, stores, and restaurants, to name a few. The marketing in this case might be in the form of a coupon to your favorite coffee bar that appears on your PDA as you drive past a new location or a commercial jingle for a department store that plays on your cell phone when you are in the parking lot outside a mall.

When you are on the wired Internet, you can order products from nearly anywhere at any time of the day or night. Physical stores, however, have hours of operation and specific locations. If you are in an unfamiliar part of town and are getting thirsty, coffee shops want to know. If you are on your way to a relative's house and need to pick up a last-minute gift, stores want to know. In many cases, simply knowing a user's location can enable companies to transmit meaningful information to the user. The concern you need to be aware of if you are developing an application for such a company is that the user should be in control of this information. It should be highly personalized, meaningful, transmitted only upon the user's initial consent, and turned off without hassle.

Wide potential exists with GPS and location-based technologies. GPS is seen in automobiles and sometimes integrated into wireless devices. Its primary function is to locate a user's latitude and longitude to provide maps, directions, or other requested information based on location. A movie theater might give a cell phone company the percentage of ticket sales that come from users who are directed to the theater while in the area. GPS and location-based marketing will be met with high success if they are implemented respectfully.

Push marketing, marketing that is unsolicited and pushed down to a user's wireless device, does not respect a user's privacy and should be used sparingly. Using a cell phone as an example, we note that making a phone call is inherently different from location transmission because the phone call has to be initiated. The user must dial and complete a call actively. Transmitting that user's location, however, is not initiated; it happens automatically any time the phone is on.

This location transmission could be dangerous if it gets into the wrong hands. The fact that you went to a medical clinic yesterday, for instance, should not be offered freely to any interested party. Medical information is typically protected in many instances, and wireless location-based information should not preempt this protection. If health insurance companies knew your history of doctor visits, they could increase your health care premiums. Similarly, if an automobile insurance company knew that you typically travel to a section of town that has a high crime rate, they could increase your insurance premiums.

The Fourth Amendment specifies that an unlawful search occurs when an individual's reasonable expectation of privacy is violated. It specifies that an unlawful seizure occurs when an individual's property is taken with unreasonable interference. In high-tech surveillance, scores of cases have been decided based on search and seizure provisions. The courts have developed a substantial body of decisions on which we base wireless surveillance legality decisions. With respect to GPS, however, courts have yet to make definitive rulings on the constitutionality of law enforcement tracking.

Researchers in the commercial litigation department of Thelen, Reid and Priest, L.L.P., note that the United States Court of Appeals in the ninth circuit addressed the installation of a GPS tracking device underneath a suspect's car without his knowledge. The court held that there was no unconstitutional search on the part of the law officers because the individual should not have a reasonable expectation of privacy. (His expectation of safety, that the device not threaten his life or damage his car, was not violated either. Had it been, this would have been a different case.) Furthermore, the court found that because his car, his property, was not out of his control, it was also not a seizure violation. Cases such as this will continue to unfold as law enforcement experiments with technology and the laws are tested and interpreted.

What is important to understand from a business perspective is that new technologies may be covered under constantly changing bodies of case law and it is essential to stay current with laws related to technologies, services, or products you may be developing. If you create a system that fits in a tight security model and your business practices respect the privacy of your users today, this does not mean that legislation will always protect your practices. GPS in rental cars sometimes broadcast the user's location to the rental agency. The handling of this data is precarious and should be treated with care.

Legislation governing the maintenance and dispersal of location information varies greatly across the globe. In Ireland, for instance, two major wireless carriers maintain what they call customer locator records. These records contain information about where a user is located, with an accuracy of about 10 15 yards. The location information is available during the time the phone is powered on, not just when it is placing, receiving, or in the middle of a call.

These companies believed that they were required by Irish statute to maintain the records and had been storing them for more than six years. The Irish Council for Civil Liberties, shocked when it learned of this storage, investigated the matter. It turns out that holding a locator record for more than a few months is against Irish law and European Union (EU) regulations. The Irish Data Protection Commission is attempting to reconcile privacy and data storage regulations.

The EU has strict data privacy laws, far more stringent than U.S. privacy legislation. Some confusion exists in the EU about which data must be stored and which data must not be stored. This presents a problem for businesses that strive to be in compliance but are at a loss for explicit guidelines under the law. At present, U.S. and British organizations are lobbying the EU to relax its strict data privacy regulations in favor of allowing companies to mine data collected on its wireless users.