Mobile devices and tablets represent a milestone in the development of computing devices. The imaginary scale starts with table computers, with more or less fixed location, requiring a user to adapt his or her behavior to the computer. On the other side, there are wearable computing devices, representing a fundamental shift, in which computer adapts to the user.
Mobiles are still not a part of wearable computing. The user must learn specific actions (such as clicking the screen, etc.) and mobile location can differ from the user. However, it´s a start.
Wearable computing raises many legal issues in the area of data protection and the use of data. Some of them were already addressed in the article about Google Glass. Among other things, wearable computing devices enable very precise collection of location data about the user. This article introduces present state-of-the-art techniques for privacy protection in mobile devices.
Christin and Hollick in their brilliant study (cited below) classified these techniques into two basic categories: user-controlled and application-controlled.
Firstly, the users might use pseudonyms to register to the application. The goal is to hide their real identity. The problem is that the application usually collects the commuting pattern of the users between their home and workplace. The continuous collection of these data enables the determination of the daily patterns. With the use of reverse address lookups, it is possible to retrieve the names of the users living in these locations.
Secondly, in some applications, the user can disable the sensing function, when the user feels that his or her privacy is endangered, or can control the degree of granularity at which the data about location are released to the application (eg. only names of the streets, determination of specific sensitive areas with higher levels of protection). On the other hand, these mechanisms might lower the usefulness of the application itself.
Thirdly, the user has a possibility to determine an authorized user to access his or her data. It is similar to the previous mechanism, since it is the user who controls his or her data. But in this case, the user does not determine the locations, but grants an access to his or her data to specific categories of people.
Finally, users can make use of virtual individual servers. In the second and third mechanism, the user must trust the application to apply the correct access control rules. When using virtual individual servers, the user first uploads his or her raw data on them and individually configures the access of these data to different applications. According to the authors of the study, the users “maintain a control over their data and dynamically adapt both the authorized users and sets of data according to their personal privacy preferences” (p. 213).
Firstly, it is the perturbation of sensor readings. The process of removing privacy-sensitive data can happen either on the mobile phone or on the application server. The algorithms can run on the mobile phone and directly extract interested data without their transfer to the application server (eg: eliminate human voices from the sound). Furthermore, something is added to data, so that they are not recognizable to the individual anymore (eg.: artificial noise might be added to the record). The problem is the resources of the mobile phones to perform such mechanisms.
On the server side, it is possible to remove the identity associated with the sensor readings or any specificities of the sensor readings. Moreover, they can aggregate data in forms of statistics or maps.
Secondly, the location information can be perturbed. The principle is to build groups of users of certain number, who share a common attribute and make them indistinguishable. The common example is a certain number of users in the same district. The exact location might be generalized by a location with less degree of detail. Or the exact coordinates of users are replaced by the average location of a certain number of the nearest users. The risk in the use of these techniques is that they still require the communication of the exact coordinates to a central entity and accordingly, they require its trust.
Legal analysis of these mechanisms
From the legal perspective (with particular focus on the European context), all of these mechanisms represent a process of making data anonymous, as described in this article. In case that data are anonymous, the rules of data protection do not apply for data collectors or processors.
In case of application-controlled mechanisms, if the raw data are properly secured, it seems that data would be anonymous. However, the issue of the security of data is more complex and risky than it might seem.
In case of user-controlled mechanisms, the quality of data depends on the user. In case that the user determines a high level of data protection, the data would probably be anonymous. However, if the user lets the application collect his or her location data with a lower degree of protection, the data controller or processor would have to treat these data as personal data. Data controller or processor would have to either apply the above-mentioned application-controlled mechanisms or satisfy the legal requirements of the personal data processing.
That’s why, the decision about the proper way to protect data on mobile devices, is a business decision. The benefit of using application-controlled mechanisms is the uniformity of data protection rules applied to users. In the user-controlled mechanisms, the user has more rights to determine his or her data protection privacy. This might lead to additional costs and the lowering of precision of data collection.
On the other hand, there is an increase in the user’s awareness of their data protection. Therefore, from this point of view, enabling user’s control might be beneficial.
Notwithstanding the final decision, the authors of the cited study stress that although application developers understand the importance of privacy protection mechanisms, they tend to leave the implementation of these mechanisms to the latter parts of the application development. As already noted, this attitude underestimates the complexity of the whole issue. The chosen mechanism might have significant legal consequences, leading to a latter increase in costs.
There is no need to further elaborate on the growth of the use of mobile devices and the future of wearable computing. With the devices getting closer to the user (sometimes even inside the user), privacy protection mechanisms would play a significant role.
This article summarised available options for application developers. It also gave a brief overview of related legal requirements. The future in this area is exciting. We would like to hear any comments or your experience with finding the balance between providing location-based services and protecting personal privacy. Do not hesitate to contact us here.
Christin, D – Hollick, M Roadmap for Privacy Protection in Mobile Sensing Applications. In: Gutwirth, S. et al 2013 European Data Protection: Coming of age. Dordrecht : Springer.
Note: This article is intended as a summary of issues. Its purpose is not a to provide legal advice or create an attorney-client relationship between you and the author of this article.