D11.6: Survey on Mobile Identity

The deliverable in hand provides the results of an explorative survey on the
control model for identity related data in location-based services (LBS)
presented in FIDIS deliverable D11.2.
The survey was performed to explore the influence of LBS characteristics (pull
vs. push based, indirect vs. direct profile creation) on the perceived amount of
control participants have about the disclosure of their identity.
Four scenarios, each reflected a different aspect of the control model, have been
designed and tested.

[Download]

The legal framework for LBS in Europe
CONCLUSION

Conclusion

In the Netherlands, processing of location data is in general regulated by two laws, the Personal Data Protection Act and the Telecommunications Act. These acts implement the provisions prescribed by the European Directives and apply to public as well as private processing of personal data. With regard to use of location data by public authorities, there are some specific provisions in the Dutch Code of Criminal Procedure. There are no specific rules for the processing of location and traffic data within private relationships. However, in employee-employer relationships, the Netherlands offer the opportunity to obtain consent by means of a Works Council. The agreement between the employer and the Works Council cannot replace the consent of individuals, meaning that individual employees can still limit their consent.

The problems described with regard to the complex system of the different European directives being applicable to different types of data (see Chapter 4) are not solved at the Dutch national level. The same holds true for the lack of clarity concerning certain definitions, leaving question open such as “what techniques and services fall within the scope of ‘public telecommunications network’ or ‘public telecommunications service’?” These issues might be hard to clarify at a national level, especially in the Netherlands where two supervising authorities, the CBP and the OPTA, have competencies with regard to telecommunications. On the issue of GSM and GPS there is some clarity, but questions are raised by newer technologies, such as WiFi, Bluetooth and RFID.

In conclusion, the complex system of processing of personal, location data and traffic data is in need of clarification, especially in view of the increasing use of new communication technologies. As long as it remains unclear which provisions apply to different LBS applications under which conditions, the protection of our privacy remains uncertain and the development of LBS may be hampered.

9 Conclusions and recommendations

Colette Cuijpers & Bert-Jaap Koops (TILT)

This report aims at identifying legal certainty and privacy protection with regard to positioning systems, in particular Location Based Services (LBS). The main question is:

Which legal data-protection framework applies when providers of location-based services (LBS), public authorities and private parties like employers process location data generated in positioning systems?

In order to answer this question, this report has provided a description of the technical and the European legal background regarding Location Based Services, as well as an overview of LBS provisioning in relation to the national legal frameworks in four European Member States. In this chapter, we draw conclusions and provide some recommendations on the basis of the descriptions and analyses offered in this report.

43 / 47