Palm Pre debacle highlights location privacy issues

Users need to become more careful when sharing location data, says analyst

Reports about Palm keeping track of Pre users have shown how location services can backfire, and the importance of making users aware of how information is used.

On Wednesday mobile application developer Joey Hess wrote in his blog that the Pre periodically uploads location data to Palm. He was widely quoted, and the information left some readers upset.

[ InfoWorld's Neil McAllister advises developers to learn from the Palm Pre's privacy mistakes. | Get the full scoop on next-gen mobile devices in InfoWorld's Mobile 2.0 Deep Dive PDF report. | Read our hands-on evaluation of the Palm Mojo SDK for Pre. ]

Palm responded by saying that it takes privacy very seriously and offers users ways to disable data collecting services.

Location services are one of the hottest sectors in the mobile application market. As their popularity increases, the number of companies that users share location data with will inevitably rise. Knowing a person's location takes privacy concerns to a whole new level, said Nick Jones, vice president at market research company Gartner.

"Your identity being hacked on the Internet is unpleasant, but that is completely different from someone finding you and doing something," Jones said.

The most important thing for vendors, operators, and application developers is to be open and up-front with how they collect and plan to use location data. Just leaving it up to users to read through the fine print in the terms and conditions of applications and devices isn't going to cut it, Jones said. If users are surprised by how their information has been used, it's going to create a lot of bad PR, according to Jones.

Clear opt-in and opt-out procedures have to be in place when subscribers sign up for a service, according to Paolo Pescatore, analyst at CCS Insight. Users need to be told which companies they are actually sharing their data with, he said.

Application stores can also play an important role when it comes to keeping application developers honest. "One option is for providers of application stores, when they are certifying applications, to be especially careful around the handling of sensitive information, whether that is location or banking information ... just to ensure you are giving consumers an extra level of protection," said Jonathan Arber, senior research analyst at IDC.

But users will also have to become more aware and be a bit careful when they share location information, just as they are now careful about sharing their banking information on Web sites, according to Arber.

The sensitivity and privacy implications of location data will also attract regulators.

In June two Swedish government authorities launched an investigation into how operators handle data related to location-based services. The investigation, lead by the Swedish Post and Telecom Agency and Swedish Data Inspection Board, which deals with protecting individuals' privacy in the information society, is ongoing. But Jonas Agnvall, a Data Inspection Board lawyer, underscored the importance of informing users about how the location data is used.

Regulating location based services should only be a last resort, analysts agree.

"At this point I don't see a need for regulation. The ideal situation would obviously be that the industry self regulates," said Arber.

For regulators to preempt technology is very difficult, because it isn't known what exciting and useful developments will emerge in the future, said Jones. If regulators do decide to act then they should regulate principles and not technology, so that they don't inhibit innovation, he said.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies