Google’s Latitude and Privacy Concerns

by on February 7, 2009 · 31 comments

Google LatitudeGoogle’s latest major launch is “Latitude,” a geo-location service that lets users find friends on a digital map and then network with them. These services are often referred to as “LBS,” which stands for “location-based services.” I wrote about LBS here before in my essay on “The Next Great Technopanic: Wireless Geo-Location / Social Mapping.” As I pointed out in that piece, LBS raise privacy concerns with some people because, by their nature, these technologies involve the tracking of users.

But I’ve argued that those concerns are generally over-blown, especially because you have to download and opt-in to these services. In other words, you know what you’re getting into. Moreover, companies who offer these services, like Loopt and now Google, go out of their way to offer privacy safeguards. Indeed, even some privacy activists agree.

For example, Michael Zimmer of the School of Information Studies at the University of Wisconsin-Milwaukee, is someone who pays close attention to privacy issues and is often critical of Google and other companies for supposedly not paying enough attention to privacy concerns. In the case of Latitude, however, he argues that “Google Actually Got it (Mostly) Right.”  Here’s his snapshot of “what Google’s done to help give users control of their information flows in Latitude”:

  • Only friends you have explicitly invited or accepted can see your location
  • You can hide your location to everyone so no friends can see where you are (and neither will Google)
  • You can hide your location to select friends
  • You can share only city-level data with select friends
  • You can manually select a location on the map that will be shared with friends (which means you can send the wrong location to obfuscate your location)
  • And, perhaps most importantly, Google is not logging your pings to servers; they only keep you latest location on file

Google’s complete privacy policy for Latitude can be found here.

Frankly, I think Google–like Loopt before them–has gone above and beyond the call of duty to appease privacy-sensitive users and privacy activists. In my opinion, the privacy concerns about LBS services are really much ado about nothing.  Although they’ll never do it, what I’d like to hear Google say to the extremely privacy-sensitive users and activists is:  “Look, we’re giving you a great new free service that you can choose to use and we’re including plenty of privacy safeguards if you are sensitive about your personal information. So, we’ve done our part, now it’s your choice–and responsibility–about how to use it from here.”  I mean, really, what more is it that people want!

  • DB

    Adam–I agree that Google has done a good job in proactively addressing privacy concerns, but I think you are being too cavalier about LBS services in general.

    I saw a commercial this weekend for a new service called RivePoint (http://www.rivepoint.com) that delivers coupons directly to your mobile device. Who doesn't want to save money, especially in this economy? As you say, it's fine as long as the “you know what you're getting into,” but most reasonable people would likely assume they are opting into the service only when they are actually using it. When you shut it down, it's reasonable to assume that you have removed your consent to be tracked.

    Yet hidden in the privacy policy, you find:

    “This real-time location tracking may occur even when the application is not actively open and running on your mobile device.”

    Most people would also reasonably assume that information will be collected by and for the service they are signing up for. In reality, RivePoint reserves the right to outsource data collection to third parties, and they take no responsibility for how these data are handled, managed, stored, or shared. In other words, in order for you to really know “what you're getting into,” you have to write a letter to RivePoint to find out what third parties might be collecting your information, and then you need to write a letter to those third parties to obtain their privacy policy.

    Don't you think there could be more robust notice and consent?

  • http://www.techliberation.com Adam Thierer

    Sure, I'm all for more transparency here. Consumers of LBS services should be given very clear notice and choice about what they're signing up for. Moreover, if their location-based information is used in unintended ways that results in actual harm to the user, then they vendor would likely be setting themselves up for a wave of lawsuits for fraud or gross negligence.

    But the first question here is: What's the harm? In the vast majority of cases, information collected for purposes like this is usually just used to engage in more targeted marketing campaigns and sell people more stuff. I'd don't see much harm there — although plenty of people have long wanted to regulate such commercial activities. The more legitimate beef lies in the collection of information for some more nefarious purpose, or the surrendering of that information to government officials. But there are ways to deal with such problems without outlawing the technologies in question altogether.

  • DB

    I think that the harm for LBS is much clearer than for other forms of targeted advertising. For instance, we live in a rather litigious society, and there are countless types of civil lawsuits where the plaintiff would benefit from obtaining a detailed log of my every move. If numerous marketers are collecting and storing this information from my mobile device, all it takes is a subpoena.

    The other harm would be government officials/law enforcement (as you noted). Let's say a crime occurs at a given location and time. Why wouldn't law enforcement subpoena mobile marketers for a list of everyone who may have been in the vicinity? If this becomes the new method for rounding up suspects, the harm would become quite apparent.

    The question is not whether the technologies should be outlawed, but whether consumers should be ensured clear and straightforward notice about when they are being tracked, how long the information is stored, and with which third parties the information shared.

  • DB

    Adam–I agree that Google has done a good job in proactively addressing privacy concerns, but I think you are being too cavalier about LBS services in general.

    I saw a commercial this weekend for a new service called RivePoint (http://www.rivepoint.com) that delivers coupons directly to your mobile device. Who doesn't want to save money, especially in this economy? As you say, it's fine as long as the “you know what you're getting into,” but most reasonable people would likely assume they are opting into the service only when they are actually using it. When you shut it down, it's reasonable to assume that you have removed your consent to be tracked.

    Yet hidden in the privacy policy, you find:

    “This real-time location tracking may occur even when the application is not actively open and running on your mobile device.”

    Most people would also reasonably assume that information will be collected by and for the service they are signing up for. In reality, RivePoint reserves the right to outsource data collection to third parties, and they take no responsibility for how these data are handled, managed, stored, or shared. In other words, in order for you to really know “what you're getting into,” you have to write a letter to RivePoint to find out what third parties might be collecting your information, and then you need to write a letter to those third parties to obtain their privacy policy.

    Don't you think there could be more robust notice and consent?

  • http://www.techliberation.com Adam Thierer

    Sure, I'm all for more transparency here. Consumers of LBS services should be given very clear notice and choice about what they're signing up for. Moreover, if their location-based information is used in unintended ways that results in actual harm to the user, then they vendor would likely be setting themselves up for a wave of lawsuits for fraud or gross negligence.

    But the first question here is: What's the harm? In the vast majority of cases, information collected for purposes like this is usually just used to engage in more targeted marketing campaigns and sell people more stuff. I'd don't see much harm there — although plenty of people have long wanted to regulate such commercial activities. The more legitimate beef lies in the collection of information for some more nefarious purpose, or the surrendering of that information to government officials. But there are ways to deal with such problems without outlawing the technologies in question altogether.

  • DB

    I think that the harm for LBS is much clearer than for other forms of targeted advertising. For instance, we live in a rather litigious society, and there are countless types of civil lawsuits where the plaintiff would benefit from obtaining a detailed log of my every move. If numerous marketers are collecting and storing this information from my mobile device, all it takes is a subpoena.

    The other harm would be government officials/law enforcement (as you noted). Let's say a crime occurs at a given location and time. Why wouldn't law enforcement subpoena mobile marketers for a list of everyone who may have been in the vicinity? If this becomes the new method for rounding up suspects, the harm would become quite apparent.

    The question is not whether the technologies should be outlawed, but whether consumers should be ensured clear and straightforward notice about when they are being tracked, how long the information is stored, and with which third parties the information shared.

  • DB

    Adam–I agree that Google has done a good job in proactively addressing privacy concerns, but I think you are being too cavalier about LBS services in general.

    I saw a commercial this weekend for a new service called RivePoint (http://www.rivepoint.com) that delivers coupons directly to your mobile device. Who doesn't want to save money, especially in this economy? As you say, it's fine as long as the “you know what you're getting into,” but most reasonable people would likely assume they are opting into the service only when they are actually using it. When you shut it down, it's reasonable to assume that you have removed your consent to be tracked.

    Yet hidden in the privacy policy, you find:

    “This real-time location tracking may occur even when the application is not actively open and running on your mobile device.”

    Most people would also reasonably assume that information will be collected by and for the service they are signing up for. In reality, RivePoint reserves the right to outsource data collection to third parties, and they take no responsibility for how these data are handled, managed, stored, or shared. In other words, in order for you to really know “what you're getting into,” you have to write a letter to RivePoint to find out what third parties might be collecting your information, and then you need to write a letter to those third parties to obtain their privacy policy.

    Don't you think there could be more robust notice and consent?

  • http://www.techliberation.com Adam Thierer

    Sure, I'm all for more transparency here. Consumers of LBS services should be given very clear notice and choice about what they're signing up for. Moreover, if their location-based information is used in unintended ways that results in actual harm to the user, then they vendor would likely be setting themselves up for a wave of lawsuits for fraud or gross negligence.

    But the first question here is: What's the harm? In the vast majority of cases, information collected for purposes like this is usually just used to engage in more targeted marketing campaigns and sell people more stuff. I'd don't see much harm there — although plenty of people have long wanted to regulate such commercial activities. The more legitimate beef lies in the collection of information for some more nefarious purpose, or the surrendering of that information to government officials. But there are ways to deal with such problems without outlawing the technologies in question altogether.

  • DB

    I think that the harm for LBS is much clearer than for other forms of targeted advertising. For instance, we live in a rather litigious society, and there are countless types of civil lawsuits where the plaintiff would benefit from obtaining a detailed log of my every move. If numerous marketers are collecting and storing this information from my mobile device, all it takes is a subpoena.

    The other harm would be government officials/law enforcement (as you noted). Let's say a crime occurs at a given location and time. Why wouldn't law enforcement subpoena mobile marketers for a list of everyone who may have been in the vicinity? If this becomes the new method for rounding up suspects, the harm would become quite apparent.

    The question is not whether the technologies should be outlawed, but whether consumers should be ensured clear and straightforward notice about when they are being tracked, how long the information is stored, and with which third parties the information shared.

  • Pingback: next

  • Pingback: Judy Click

  • Pingback: buy Facebook likes

  • Pingback: surf report

  • Pingback: Underwood Stakes

  • Pingback: north topsail beach rentals

  • Pingback: ala from Natural Nutrihealth

  • Pingback: Reizen

  • Pingback: http://youtube.com/watch?v=--3e0FB_zls

  • Pingback: surrey house cleaning

  • Pingback: 30 Days to Thin Review

  • Pingback: Abstract Art

  • Pingback: voip 1300 numbers

  • Pingback: premier league singapore

  • Pingback: garcinia cambogia

  • Pingback: fall 2013 fashion trends boots

  • Pingback: PALS Coupon Code

  • Pingback: payday loans

  • Pingback: Make A Million Dollars

  • Pingback: How to treat periodontal disease

  • Pingback: Adam Cox

  • Pingback: charlotte startups

Previous post:

Next post: