This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2019/10/16/opinion/foursquare-privacy-internet.html

The article has changed 2 times. There is an RSS feed of changes available.

Version 0 Version 1
Congress Must Regulate the Location Data Industry How to Stop the Abuse of Location Data
(about 2 hours later)
In the right hands, location data can be a force for good. It can provide publishers and app developers with advertising revenue so consumers can access free services and information. It can inform city planning, help ride-sharing users reach their destinations, guide travelers to great local spots, reassure parents their children are safely on their way home, remind people where they parked their car and relieve traffic congestion. And it has immense potential for the future: in autonomous driving, augmented reality, smarter health care interventions and context-aware artificial intelligence.In the right hands, location data can be a force for good. It can provide publishers and app developers with advertising revenue so consumers can access free services and information. It can inform city planning, help ride-sharing users reach their destinations, guide travelers to great local spots, reassure parents their children are safely on their way home, remind people where they parked their car and relieve traffic congestion. And it has immense potential for the future: in autonomous driving, augmented reality, smarter health care interventions and context-aware artificial intelligence.
[If you’re online — and, well, you are — chances are someone is using your information. We’ll tell you what you can do about it. Sign up for our limited-run newsletter.][If you’re online — and, well, you are — chances are someone is using your information. We’ll tell you what you can do about it. Sign up for our limited-run newsletter.]
But location data can also be abused. Bounty hunters were able to buy the current location of a cellphone for $300, Vice reported, because telecom companies sold the real-time location of phones to shady companies. And apps that track location data may turn around and sell that data, revealing someone’s every movement — whether it is to a retail store, an abortion clinic or a gay bar. Bloomberg Businessweek recently reported on a company with thousands of cameras selling car locations to debt collectors and others; there is no “opt-in” involved, and it’s illegal in all states to cover your license plate.But location data can also be abused. Bounty hunters were able to buy the current location of a cellphone for $300, Vice reported, because telecom companies sold the real-time location of phones to shady companies. And apps that track location data may turn around and sell that data, revealing someone’s every movement — whether it is to a retail store, an abortion clinic or a gay bar. Bloomberg Businessweek recently reported on a company with thousands of cameras selling car locations to debt collectors and others; there is no “opt-in” involved, and it’s illegal in all states to cover your license plate.
There are no formal rules for what is ethical — or even legal — in the location data business. We could all take a Hippocratic oath for data science (as in medicine: “First do no harm”), and hope that living by such an oath would curb abuses. But even in the best of circumstances, that oath is voluntary.There are no formal rules for what is ethical — or even legal — in the location data business. We could all take a Hippocratic oath for data science (as in medicine: “First do no harm”), and hope that living by such an oath would curb abuses. But even in the best of circumstances, that oath is voluntary.
It’s time for Congress to regulate the industry.It’s time for Congress to regulate the industry.
Foursquare, where I serve as chief executive, is one of the largest independent companies in the location technology industry. We started with a consumer app that invented the check-in to allow people to find friends and learn more about the cities they explore. Today our customers are mainly businesses — including over 150,000 registered app developers and more than half of the Fortune 100 companies — that rely on mapping technology and consumer insights that our location platform makes possible.Foursquare, where I serve as chief executive, is one of the largest independent companies in the location technology industry. We started with a consumer app that invented the check-in to allow people to find friends and learn more about the cities they explore. Today our customers are mainly businesses — including over 150,000 registered app developers and more than half of the Fortune 100 companies — that rely on mapping technology and consumer insights that our location platform makes possible.
In our consumer apps, we try to set an example with transparent opt-in consent language — plain words up front, not buried in some long privacy policy. When we share our technology with other apps, we only work with reputable partners. When we acquire data sets, we contractually mandate that our partner’s data is collected with opt-in consent. But all of this is purely optional across the industry. That’s a recipe for abuse.In our consumer apps, we try to set an example with transparent opt-in consent language — plain words up front, not buried in some long privacy policy. When we share our technology with other apps, we only work with reputable partners. When we acquire data sets, we contractually mandate that our partner’s data is collected with opt-in consent. But all of this is purely optional across the industry. That’s a recipe for abuse.
America needs more. We believe federal regulation that enforces three core principles will prevent abuses.America needs more. We believe federal regulation that enforces three core principles will prevent abuses.
First, apps on mobile devices should not be allowed to ask for location data unless they offer the user a clear service that depends on that data. Why, for example, should a flashlight app have your location data? Value can come in many forms — localized content and offers, better alerts, coupons for certain retailers and even direct compensation (rewards for participating in a location-based survey, for instance). The app should make the proposition clear to the consumer — that is, it should state that the app is providing an experience enhanced by location, and make that “enhancement” known.First, apps on mobile devices should not be allowed to ask for location data unless they offer the user a clear service that depends on that data. Why, for example, should a flashlight app have your location data? Value can come in many forms — localized content and offers, better alerts, coupons for certain retailers and even direct compensation (rewards for participating in a location-based survey, for instance). The app should make the proposition clear to the consumer — that is, it should state that the app is providing an experience enhanced by location, and make that “enhancement” known.
Second, a new privacy law must require greater transparency around what consumers are signing up for and how their data will be used. (We have found that around half of consumers are likely to opt-in when given a clear idea of what they are agreeing to.) Permission to collect or share data should be spelled-out in plain English, not buried within terms and conditions. These permission pop-ups must explain concisely how data will be used and whether it will be shared with partners. Lawmakers must also require apps that are collecting data to make it easy for users to opt-out at any time (under the condition that they won’t get personalized content as a result). Consumers, not companies, should control the process.Second, a new privacy law must require greater transparency around what consumers are signing up for and how their data will be used. (We have found that around half of consumers are likely to opt-in when given a clear idea of what they are agreeing to.) Permission to collect or share data should be spelled-out in plain English, not buried within terms and conditions. These permission pop-ups must explain concisely how data will be used and whether it will be shared with partners. Lawmakers must also require apps that are collecting data to make it easy for users to opt-out at any time (under the condition that they won’t get personalized content as a result). Consumers, not companies, should control the process.
Third, a privacy law must establish the obligation and duty on those collecting location data (even with consent) to “do no harm.” It must require companies to apply privacy-protecting measures to all data uses. The industry needs to earn consumer trust and speak to what makes consumers anxious.Third, a privacy law must establish the obligation and duty on those collecting location data (even with consent) to “do no harm.” It must require companies to apply privacy-protecting measures to all data uses. The industry needs to earn consumer trust and speak to what makes consumers anxious.
A Hippocratic oath for data science, akin to the fiduciary duty the Securities and Exchange Commission applies to investment advisers, might be the right model. Companies should have to respect restricted, sensitive categories like a Planned Parenthood clinic or cancer center. They should also be required to ensure that the data they collect is not used to discriminate based on religion, medical conditions, sexual orientation or political beliefs. This can’t be voluntary: A federal regulator would receive complaints and investigate alleged abuses — and be authorized to administer meaningful punishments and fines that are large enough to change behavior, as in the European Union’s privacy law, the General Data Protection Regulation.A Hippocratic oath for data science, akin to the fiduciary duty the Securities and Exchange Commission applies to investment advisers, might be the right model. Companies should have to respect restricted, sensitive categories like a Planned Parenthood clinic or cancer center. They should also be required to ensure that the data they collect is not used to discriminate based on religion, medical conditions, sexual orientation or political beliefs. This can’t be voluntary: A federal regulator would receive complaints and investigate alleged abuses — and be authorized to administer meaningful punishments and fines that are large enough to change behavior, as in the European Union’s privacy law, the General Data Protection Regulation.
A Hippocratic standard would make it illegal for any location or movement data, even with proper permissions, to be used to gouge consumers or deny them access to basic life services like loans, health care, insurance, employment, civil rights and educational opportunities. This would not prohibit a person from installing a car tracker to earn a “good driver” discount. But family tracking apps should not secretly be used to hike your teenager’s auto insurance above normal rates by monitoring driving speeds.A Hippocratic standard would make it illegal for any location or movement data, even with proper permissions, to be used to gouge consumers or deny them access to basic life services like loans, health care, insurance, employment, civil rights and educational opportunities. This would not prohibit a person from installing a car tracker to earn a “good driver” discount. But family tracking apps should not secretly be used to hike your teenager’s auto insurance above normal rates by monitoring driving speeds.
Moreover, all location companies should be required to protect consumer data with appropriate security steps, and blur or minimize data sharing in ways to enhance privacy. For instance, Foursquare does not want to see a future where people’s full “location trails” (the exact names of places visited and exact times a person moves through them reconstructed to form a daily journey) are widely accessible to every advertiser or government agency, without any safeguards. That’s too intrusive and completely unnecessary for us all to benefit from the value of location.Moreover, all location companies should be required to protect consumer data with appropriate security steps, and blur or minimize data sharing in ways to enhance privacy. For instance, Foursquare does not want to see a future where people’s full “location trails” (the exact names of places visited and exact times a person moves through them reconstructed to form a daily journey) are widely accessible to every advertiser or government agency, without any safeguards. That’s too intrusive and completely unnecessary for us all to benefit from the value of location.
Not all location data is the same. When we work with partners who want to understand if marketing is leading more people to visit their stores, or to identify consumers who frequent rival chains to try to win them over, we use only pseudonymized identifiers and blur out precise data. That means we don’t share the specific time of a visit to a specific location. Nor do we offer details on all visits for any particular user over the course of a day.Not all location data is the same. When we work with partners who want to understand if marketing is leading more people to visit their stores, or to identify consumers who frequent rival chains to try to win them over, we use only pseudonymized identifiers and blur out precise data. That means we don’t share the specific time of a visit to a specific location. Nor do we offer details on all visits for any particular user over the course of a day.
The idea is that whatever we share, the data is sufficiently general so that no individual can be picked out and “watched,” or it’s entirely abstracted into interest-based audiences (such as “moms in the United States who shop at Whole Foods and prefer yoga studios” or “college students who frequent fast food”).There’s no reason that every company in our industry couldn’t adopt the same practices, and regulation should force them to.The idea is that whatever we share, the data is sufficiently general so that no individual can be picked out and “watched,” or it’s entirely abstracted into interest-based audiences (such as “moms in the United States who shop at Whole Foods and prefer yoga studios” or “college students who frequent fast food”).There’s no reason that every company in our industry couldn’t adopt the same practices, and regulation should force them to.
These steps are necessary, but they’re not sufficient. Companies should have to maintain data with adequate security protections, including encryption at rest and in transit. Employees at companies that collect data on millions of consumers should undergo privacy and ethics training. Companies should require clients and other people who use the data to promise that they will not use the tech and data for unethical or discriminatory practices — and should penalize those that act unethically. Regulation should force companies to create ethics committees where management and employees must discuss their privacy and ethical data use policies regularly.These steps are necessary, but they’re not sufficient. Companies should have to maintain data with adequate security protections, including encryption at rest and in transit. Employees at companies that collect data on millions of consumers should undergo privacy and ethics training. Companies should require clients and other people who use the data to promise that they will not use the tech and data for unethical or discriminatory practices — and should penalize those that act unethically. Regulation should force companies to create ethics committees where management and employees must discuss their privacy and ethical data use policies regularly.
Congress should legislate now, as some states have. But as with any regulation, there’s a chance that Congress could, with the best of intentions, do great damage. Any reform that is overly burdensome on smaller companies, for instance, will only strengthen behemoths like Google and Facebook, putting challengers out of business and reducing innovation.Congress should legislate now, as some states have. But as with any regulation, there’s a chance that Congress could, with the best of intentions, do great damage. Any reform that is overly burdensome on smaller companies, for instance, will only strengthen behemoths like Google and Facebook, putting challengers out of business and reducing innovation.
Doing these things takes time, money and commitment. They may also not be foolproof. Standards evolve, and every company in our industry needs to continually improve their practices to keep up. There’s no good reason that companies won’t be able to comply with reasonable regulation. Comprehensive regulation will support future innovation, weed out the bad companies and earn the public trust.Doing these things takes time, money and commitment. They may also not be foolproof. Standards evolve, and every company in our industry needs to continually improve their practices to keep up. There’s no good reason that companies won’t be able to comply with reasonable regulation. Comprehensive regulation will support future innovation, weed out the bad companies and earn the public trust.
Now is the time for Congress to act.Now is the time for Congress to act.
Jeff Glueck (@JeffGlueck) is the chief executive of Foursquare.Jeff Glueck (@JeffGlueck) is the chief executive of Foursquare.
Like other media companies, The Times collects data on its visitors when they read stories like this one. For more detail please see our privacy policy and our publisher's description of The Times's practices and continued steps to increase transparency and protections.Like other media companies, The Times collects data on its visitors when they read stories like this one. For more detail please see our privacy policy and our publisher's description of The Times's practices and continued steps to increase transparency and protections.
Follow @privacyproject on Twitter and The New York Times Opinion Section on Facebook and Instagram.Follow @privacyproject on Twitter and The New York Times Opinion Section on Facebook and Instagram.