Wireless Industry Commitment
Best Practices and Guidelines for Location Based Services
CTIA Best Practices and Guidelines (“Guidelines”) are intended to promote and protect user privacy as new and exciting Location-Based Services (“LBS”) are developed and deployed. Location Based Services have one thing in common regardless of the underlying technology – they rely on, use or incorporate the location of a device to provide or enhance a service. Accordingly, the Guidelines are technology-neutral and apply regardless of the technology or mobile device used or the business model employed to provide LBS (e.g., a downloaded application, a web-based service, etc.).
The Guidelines primarily focus on the user whose location information is used or disclosed. It is the user whose privacy is most at risk if location information is misused or disclosed without authorization or knowledge. Because there are many potential participants who play some role in delivery of LBS to users (e.g., an application creator/provider, an aggregator of location information, a carrier providing network location information, etc.), the Guidelines adopt a user perspective to clearly identify which entity in the LBS value chain is obligated to comply with the Guidelines. Throughout the Guidelines, that entity is referred to as the LBS Provider. The Guidelines rely on two fundamental principles: user notice and consent.
- LBS Providers must ensure that users receive meaningful notice about how location information will be used, disclosed and protected so that users can make informed decisions whether or not to use the LBS and thus will have control over their location information.
- LBS Providers must ensure that users consent to the use or disclosure of location information, and LBS Providers bear the burden of demonstrating such consent. Users must have the right to revoke consent or terminate the LBS at any time.
Users should have confidence when obtaining an LBS from those LBS Providers that have adopted the Guidelines that their location information will be protected and used or disclosed only as described in LBS Provider notices. By receiving notice and providing consent consistent with these Guidelines, users will maintain control over their location information. The Guidelines encourage LBS Providers to develop and deploy new technology to empower users to exercise control over their location information and to find ways to deliver effective notice and obtain consent regardless of the device or technology used or business model employed.
The Guidelines apply to LBS Providers. The following examples identify common situations and illustrate who is and is not an LBS Provider with obligations under the Guidelines. Examples of LBS Providers¹:
Scope of Coverage
The Guidelines apply whenever location information is linked by the LBS Provider to a specific device (e.g., linked by phone number, userID) or a specific person (e.g., linked by name or other unique identifier). The Guidelines do not apply to location information used or disclosed:
- As authorized or required by applicable law (e.g., to respond to emergencies, E911, or legal process);
- To protect the rights and property of LBS Providers, users or other providers of location information;
- For testing or maintenance in the normal operation of any network or LBS; or
- In the form of aggregate or anonymous data.
An important element of the Guidelines is notice. LBS Providers must ensure that potential users are informed about how their location information will be used, disclosed and protected so that they can make informed decisions whether or not to use the LBS, giving the user ultimate control over their location information. The Guidelines do not dictate the form, placement, terminology used or manner of delivery of notices. LBS Providers may use written, electronic or oral notice so long as users have an opportunity to be fully informed of LBS Providers’ information practices. Any notice must be provided in plain language and be understandable. It must not be misleading, and if combined with other terms or conditions, the LBS portion must be conspicuous.
If, after having obtained consent, LBS Providers want to use location information for a new or materially different purpose not disclosed in the original notice, they must provide users with further notice and obtain consent to the new or other use. LBS Providers must inform users how long any location information will be retained, if at all. If it is not practicable to provide an exact retention period, because, for example, the retention period depends on particular circumstances, the LBS Provider may explain that to users when disclosing its retention policies.
LBS Providers that use location information to create aggregate or anonymous data by removing or permanently obscuring information that identifies a specific device or user must nevertheless provide notice of the use.
LBS Providers that share location information with third parties must disclose what information will be provided and to what types of third parties so that users can understand what risks may be associated with such disclosures. LBS Providers must inform users how they may terminate the LBS, and the implications of doing so. LBS Providers also must ensure that any privacy options or controls available to users to restrict use or disclosure of location information by or to others are explained to users.
LBS Providers must periodically remind users when their location information may be shared with others and of the users’ location privacy options, if any. The form, placement, terminology used, manner of delivery, timing and frequency of such notice depends on the nature of the LBS. For example, one would expect more reminders when the service involves frequent sharing of location information with third parties and fewer reminders, if any, when the service involves one-time, user-initiated concierge service calls (e.g., locating a nearby service). In addition, depending on the circumstances, the use of an icon or other symbol to disclose when location information may be shared may be a more effective means of reminding consumers than a written notice.
In some circumstances, account holders (as opposed to users) may control the installation and operation of LBS. In addition to providing notice to the account holder, LBS Providers still must ensure that notice is provided to each user or device that location information is being used by or disclosed to the account holder or others. Once again, the content, timing and frequency of such notice depends on the nature of the LBS.
- Account Holder Consent: In some cases, where the actual user is different than the account holder, an account holder may control the installation and operation of LBS (e.g., business account holder utilizing LBS for fleet management; parental account holder providing phones for children’s use). Under these circumstances, the appropriate consent may be obtained solely from the account holder. As noted above, however, LBS Providers still must ensure that notice is provided to each user or device that location information is being used by or disclosed to the account holder or others. The following examples are illustrative of account holder consent upon which the LBS Provider may rely to use or disclose users’ location:
|Example 9: Fleet Tracking/Employee Monitoring: A business entity purchases multiple lines to permit tracking employee locations to provide for rapid response repair service, just-in-time delivery, or fleet management.|
|Example 10: Public Safety: The LBS Provider enters into an agreement with a public safety organization to provide monitoring compliance with terms of supervised release and house arrest, terms of bail for bondsmen, protecting public officials on duty, or military force movements.|
|Example 11: Parental Controls: The LBS Provider offers a service to notify parents when a child arrives at or leaves a designated place.|
|Example 12: Family Safety: The LBS Provider offers a family safety feature to locate family members in an emergency or other specified circumstances.|
- Revocation of Consent: LBS Providers must allow users to revoke their prior consent to use or disclose location information to all or specified groups or persons.
Where technically feasible, LBS Providers may provide for selective termination or restriction of an LBS upon account holder request. An account holder may revoke or terminate all or a portion of any users’ consent to an LBS.
- The Guidelines do not dictate terms of service that LBS Providers must offer to users with regard to an LBS. Nor do the Guidelines dictate any technical implementation for terminating or restricting an LBS.
- Security of Location Information. LBS Providers must employ reasonable administrative, physical and/or technical safeguards to protect a user’s location information from unauthorized access, alteration, destruction, use or disclosure. LBS Providers should use contractual measures when appropriate to protect the security, integrity and privacy of user location information.
- Retention and Storage of Location Information: LBS Providers should retain user location information only as long as business needs require, and then must destroy or render unreadable such information on disposal. If it is necessary to retain location information for long-term use, where feasible, LBS Providers should convert location information to aggregate or anonymized data.
- Reporting Abuse: LBS Providers should provide a resource for users to report abuse and provide a process that can address that abuse in a timely manner.
- Compliance with Laws: LBS Providers must comply with applicable laws regarding the use and disclosure of location information, and in particular, laws regarding the protection of minors. In addition, it is recommended that LBS Providers comply with applicable industry best practices and model codes.
- Education: In addition to any notices required under the Guidelines, LBS Providers certifying under the Guidelines will work with CTIA in an education campaign to inform users regarding the responsible use of LBS and the privacy and other risks associated with the disclosure of location information to unauthorized or unknown third parties. All entities involved in the delivery of LBS, including wireless carriers, device manufacturers, operating system developers, application aggregators and storefront providers, should work to educate users about the location capabilities of the devices, systems, and applications they use as well as to inform them of the various privacy protections available.
- Innovation: LBS Providers develop and deploy technology to empower users to exercise control over their location information and to find ways to deliver effective notice and obtain consent regardless of the device or technology used or business model employed.
- Compliance with Guidelines: LBS Providers that comply with the Guidelines may self-certify such compliance by placing the following statement in their marketing or promotional materials: “LBS Provider follows CTIA’s Best Practices and Guidelines for Location-Based Services.”
Caveat: The examples are illustrative only and do not imply that compliance with the Guidelines alone permits such uses or services. The terms on which access to location information is made available from wireless carriers to third parties, or the terms under which applications are made available to users, are beyond the scope of the Guidelines.