Vice Motherboard recently reported that a location data firm is selling information related to US clinics that provide abortions, including Planned Parenthood facilities. For just over US$160, journalists at Motherboard could purchase a week’s worth of data on where people who visited Planned Parenthood came from, how long they stayed there, and where they went afterwards.
Aggregated location data is widely available on the open market in the United States. This means that such data can also be purchased by political candidates, foreign governments, stalkers, or, for instance, anti-abortion activists.
The latter has already happened. In 2015, an anti-abortion group disclosed it was using location data and targeted advertising to target women’s smartphones while they were sitting in Planned Parenthood clinics. The London-based nongovernmental organization Privacy International published a series of investigations into the way anti-abortion groups use data in their advocacy.
The location data industry is worth an estimated $12 billion. Location data from mobile phones is one of many kinds of data that is routinely collected, enriched, and sold by advertising companies – with very little transparency and accountability.
Data brokers and mobile advertising companies that collect and sell location data typically claim the data is anonymized and does not put people in danger. However, it is well-established that anonymized data can be combined with private and publicly held data to re-identify individuals.
These days, data collection typically starts on our phones. Apps collect data, including about our location, for a variety of reasons: to track how many miles we have run, to show us the local weather, or to share our location with friends and family. For many people, it’s often very hard, if not impossible, to understand which data an app collects, and whether, how, or to whom the data is being sold – also because privacy policies are often missing, incomplete, or incomprehensible.
The rights to privacy and many related freedoms depend on our ability to make choices about how, and with whom, we share our data. That’s why comprehensive data protection laws are essential for protecting human rights.
The US Congress should adopt a strong federal data protection law that regulates the collection, analysis, and sharing of personal data by companies with security and intelligence agencies. It should also regulate data use by advertisers, data brokers who may engage in discriminatory profiling, and others whose actions may result in rights abuses. Additionally, the law should also require human rights impact assessments for their operations globally.