Apple smartphones and those running on Google’s Android system look set to come under tighter regulation in Europe, after an EU data protection advisory panel ruled on Wednesday that location information collected by the devices should be classed as personal data.
This is likely to mean strict limits on how location data can be collected and stored by smartphone companies, telecoms operators and any businesses hoping to run location-related services on phones.
Apple is already facing questions in the US, Germany and South Korea over its collection of data that tracked the rough location of iPhone users. The company has blamed this on a software flaw.
Researchers in Germany also found this week that the vast majority of Android handsets could be leaking data to hackers, and warned users to avoid using the devices on public WiFi networks. Ulm University research found that it was “quite easy” for hackers to intercept data from Google’s photo-sharing, calendar and contacts applications. Other Google services such as Gmail were also potentially vulnerable.
Google said on Wednesday it was rolling out a fix to address the security flaw.
The recent security breaches add urgency to Wednesday’s recommendations by the Article 29 Working Party, a panel of European data protection officials that advises the European Commission. The proposals are a first step to formulating a law on mobile phone location data, and could be written into Europe’s revised Data Protection Directive this year.
The working group said: “Since smartphones and tablet computers are inextricably linked to their owner, the movement patterns of the devices provide a very intimate insight into the private life of the owners. One of the great risks is that the owners are unaware they transmit their location, and to whom.”
The panel said companies should get permission from smartphone users before collecting geographic information and should specify what purpose the data are being used for. Location services must be switched off as a default.
Eduardo Ustaran, lawyer at Field Fisher Waterhouse, said that the advisory group’s strict view could hold back the industry. “If you are always relying on consent before people can access these technologies, it could have a damaging effect on new development.”
Many companies have been looking at using location data to send targeted advertising to smartphone users, but could now find it more difficult to so.
Eric Schmidt, Google chairman, said the company would be very careful about the use of location data on phones.
“Your phone typically knows where it is. It has to for emergency services. The question is what can you do with that information. We are very careful about that, but that is a new issue for society. My guess that is going to be pretty regulated, particularly in Europe.”