D11.2: Mobility and LBS

Title: LEGITIMATE PROCESSING OF LOCATION DATA FOR THE PROVISION OF A LOCATION BASED SERVICE

Legitimate processing of location data for the provision of a Location Based Service

The ePrivacy directive in Article 9(1) allows the processing of location data for the provision of Location Based Services only “when they are made anonymous, or with the consent of the users or subscribers to the extent and for the duration necessary for the provision of a value added service”. In simple words when the data are not made anonymous, the user or the subscriber of the mobile device shall give their consent to the processing of the location data in order to enable the provision of the Location Based Service. However, even when the consent of the user or subscriber has already been obtained, the user or subscriber must continue to have the possibility, using a simple means and free of charge, to refuse the processing of such data for each individual request. When the user initiates the service by calling for instance a number or sending an SMS this action shall amount to consenting to being located.

The directive is not clear whether it is the user who shall give his consent or the subscriber. In most of the cases the subscriber to the service is also the user of the mobile device, so no problem actually appears. However things get more complicated when the two aforementioned attributes are not met in the same natural person, such as in the cases of localisation of employees, of minors or even of people that need assistance in using the mobile device. The use of Location Based Services by the car insurers in order to monitor the movement of the insured has also interesting implications and will be presented below. 

Usually, the person to whom the location data relate shall be the one who gives his consent. Sometimes the relationship between the user and the subscriber raises questions whether the consent is freely given, e.g. within the processing of workers’ personal data by the employer.  In the example of enterprise services the employer is the subscriber, while the employee is the user.  Respect to data protection principles would suggest that the person whose consent is needed for the processing of location data is the one whose data are actually processed: the employee (user). However in some cases the employer has a legitimate interest to know where the employee is during his working hours (e.g. the owner of a delivery company who has for instance a legitimate interest to know where the driver of a company track is). In such cases it is the employer the one to consent to the localisation of the mobile device when the device is used for working purposes and has the obligation to inform the employee about this.   

Similar thoughts, even if not pertaining directly to Location Based Services can be deployed for several activities that include the processing of employee’s location data by the employer. Such purposes can vary from the need to improve the distribution or organisation of the work to the surveillance of the use the employees make of the company’s means. Such processing raises two issues: the dividing line between work and private life and the degree of acceptable monitoring and surveillance of the employees. Processing location data can be justified where it is done for the planning of operation in real time but not anymore where it is done for the sole purpose of monitoring an employee’s work where it can be achieved by other means (WP29, WP115: 10). A balance needs to be struck between the interests of the employer and the workers with the aim to avoid a disproportionate control upon the latter.

The employer should make sure that the processing is really necessary vis-à-vis the purpose and that it can not be reached by other means less intrusive or more “fundamental rights-friendly”. Therefore, taking into consideration the highly-intrusive nature of location based processing, into privacy and the freedom of movement in an anonymous way, especially when they serve the purpose of locating third parties, this processing will only be justified whenever the purpose of the processing can not be achieved by any other means less intrusive for fundamental rights.  

Issues of the same kind have been raised with regard to a special kind of Location Based Services, the so-called passive Location Based Services. Passive Location Based Services are defined as those services where a mobile phone user, once he has enabled the service, consents to be located by another, when that other person initiates a location request either from another mobile phone or from a PC. Very popular are the so called Child Location Services that allow the parents to track their children. The Working Party 29 identified a series of questions which should be taken into account for further consideration. The fear of parents for criminal offences and the emergence of a nomadic way of living could lead the parents to use this service for their own reassurance. They introduce the use of mobile phones as part of a family contract: more freedom of communication for the children against the possibility to be localised by the parents.

In the UK, several mobile network operators and location service providers developed a Code of Practice for the use of passive location services in the UK where it was foreseen that “if the locatee is under 16, the parent or guardian must give consent to the child signing up to the location service. In addition, the child should also consent. If the child does not consent, his or her wishes must not be overridden and the service must not be activated. In the event that the child does not have the capacity to give consent, the consent of the parent will suffice”. Even when the subscriber, who is in this case the parent or guardian, and not the child (user), is the one to give his consent, the Location Based Service shall be offered only when the child agrees to it.

It shall however be mentioned that the need of the parents to monitor the whereabouts of their children should be limited by the right to privacy of the child as mentioned in the Convention on the Rights of the Child. The use of these services could hinder the establishment of a relationship based on mutual trust between the parents and their children and could have a negative impact on the course of the children to gain their autonomy. Moreover, such services could mislead the parents into believing the illusion that they control the activities of their children, when in fact the mobile phone only indicates where the child is, but not what he is doing. Finally, the widespread use of these services could accustom the children to be constantly controlled and thus to grow into individuals who do not consider being monitored as intrusive.

Great interest presents a case of the French Data Protection authority (CNIL), which had to evaluate the processing of location data from a car insurance Company. The Company wanted to introduce a location device into the car of its customers in order to control the compliance to his contractual obligations. This system would have been implemented on a voluntary basis and would have required the previous consent of the insured. This processing has not been authorised by the CNIL on the basis that a processing monitoring all the driver’s movements does not comply with the principle of proportionality, as long as it is exclusively implemented for the control of the respect of the contractual obligations of the driver. Besides, it considered that the systematic collection of vehicles’ location data with purpose of modulating insurance rates harms the freedom of movement in an anonymous way in unjustified manner. This position has been echoed by the Working Party 29 in its position paper on the e-call initiative.