Blog

Weather Forecast: Cold with a side of data privacy storm

By Carolin Brucker Cabe, an Associate at XPAN Law Group, LLC.

While the weather here on the East coast is getting colder, companies providing mobile applications to their users might still see themselves on the sunny side of the legal weather forecast when it comes to how they collect their users’ geolocation data and what purposes they use it for – most of the times unbeknown to their users.

But things can get pretty frosty very quickly when courts step in and take a look at these companies and their ways of advertising, elevating corporate profits over users’ privacy and misleading them into allowing their movements to be tracked 24/7.

With articles popping up on each of our newsfeed almost on a daily basis about the topic of users being tracked by apps constantly without their knowledge, one wonders if change is finally on the horizon now that courts start to take notice.

The New York Times published a thorough and lengthy research article into mobile applications’ tracking habits of users’ locations in December of last year (“Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret”). In the article, the Times found that at least 75 companies receive anonymous, precise location data from apps when users enable location settings to get local news, weather or other information.

Though the businesses claim that their interest is in the patterns and not the identities that the data reveals about consumers, the information collected over the apps could still identify a person without consent. That is, those with access to the raw data such as employees or clients were still able to identify and track a person’s whereabouts despite the fact that data was tied not to someone’s name or phone number but to a unique ID. “They could follow someone they knew, by pinpointing a phone that regularly spent time at that person’s home address. Or, working in reverse, they could attach a name to an anonymous dot, by seeing where the device spent nights and using public records to figure out who lived there”. A very lucrative business as it turns out: with sales of location-targeted advertising reaching an estimated $21 billion in 2018.

The new year wasn’t very old yet when the latest news on that front came from the office of Los Angeles City Attorney, Mike Feuer, his last name ironically translating to “fire”. Mr. Feuer filed a complaint against the Weather Channel Product and Technology, LLC, (TWC), the company behind the popular Weather Channel mobile application owned by IBM, in which same New York Times article was cited “that detailed a sprawling industry of companies that profit from continuously snooping on users’ precise whereabouts”.

Mr. Feuer’s complaint alleges that TWC used the geolocation tracking technology present in the app to monitor where users live, work, and visit, twenty-four hours a day, as well as how much time users spend at each location. In the complaint it says that “[f]or years, TWC has deceptively used its Weather Channel App to amass its users’ private, personal geolocation data—tracking minute details about its users’ locations throughout the day and night, all the while leading users to believe that their data will only be used to provide them with “personalized local weather data, alerts and forecasts.” Instead, TWC allegedly sends this information to affiliates of its parent company, IBM, and other third parties for advertising and other commercial purposes entirely unrelated to the weather. Users’ location data could be used to determine users’ daily habits, consumer preferences and identities. “This information is allegedly used for targeted advertisements by at least a dozen third party websites over the past 19 months based on locations users frequent, and has been by hedge funds interested in analyzing consumer behavior”.

Many location companies argue that their users’ data is “fair game” when the user enables location services. But as the Times and Mr. Feuer point out, the explanations people see when being prompted to give permission often are incomplete, misleading or even deceitful. While an app may tell users that granting access to their location will enable them to get traffic information, it omits to state that data will also be shared and sold. Only in a vague privacy policy can this be found.

Tracking of users becomes particularly worrisome when used at health care facilities. “Tell All Digital, a Long Island advertising firm that is a client of a location company, says it runs ad campaigns for personal injury lawyers targeting people anonymously in emergency rooms”, according to the Times.

Regardless of whether tracking takes place at health care facilities, jails, supermarkets or homes: It is simply not right to leave consumers in the dark about how their data is sold and shared and not giving them any tool to do anything about it.

Mr. Feuer’s complaint seeks an injunction prohibiting TWC from continuing to engage in allegedly unfair and fraudulent business activities, including deceptively collecting and selling personal data, as well as Civil Penalties up to $2,500 for each violation. But on the long run legislature has to step in and make privacy laws waterproof so that personal data cannot be sold to benefit the advertising industry without the consent of the data subjects. A first step would surely be to raise the bar for privacy policies and notices. The actual purpose of data collection must not be buried in gibberish, but has to be transparently made clear to the consumer.

Recommendations for privacy settings on your smartphone:

Until the legal world will help out users by hopefully ruling on court cases like the above in favor of the mobile app users, this quick overview by Jennifer Valentino-DeVries and Natasha Singer from the New York Times can help you learn how to protect your privacy using your smartphone settings to the best possible.

For a quick reference, here are the steps to take on your phones regarding location tracking:

iPhone users (iOS):

Go to “Settings”, “Privacy”, “Location Services”. You have two options when it comes to changing your settings. Either turn off “Location Services” entirely which will shut off tracking for all apps at once, eventually preventing you from being able to use certain services provided by an application. Or you can go through the list of your apps and “choose your poison” individually. Every app usually lets you decide whether your location is tracked and used “Never”, “Always”, or “While Using the App”. Check mark each individual app accordingly, the least invasive of such being “While Using the App”.

Android users:

Go to “Settings”, tap “Security & location”. On the next screen tab “Location” in the Privacy section. Next, tab “App-level permissions” which will show you a list of apps. Now, to turn off location for an app, switch the toggle to the left.

Other than on iOS phones, you cannot choose to restrict location usage for “While Using an App”. Newer versions of Android phones limit the collection of data “to a few hours a day” according to Google. If you’d rather like to shut of location settings entirely, you can do so by switching off “Use location”

For both smartphone systems alike:

With a view to apps no longer used by you, why not delete them from your phone for good?

*****

Nothing contained in this blog should be construed as creating an attorney-client relationship or providing legal advice of any kind. If you have a legal issue regarding cybersecurity, domestic or international data privacy, or electronic discovery, you should consult a licensed attorney in your jurisdiction.