Our attachment to smartphones has made them the perfect devices to track our movements — providing invaluable data to businesses and governments. Little do we know that many apps on our phones allow location data companies to pinpoint how we spend our days. A New York Times investigation was able to use a data set to track the movements of individuals commuting to their offices, picking up their children at school, and even breaking their routines to go on a job interview.1
Rising concern over location tracking is just one example of how protecting privacy is becoming increasingly complex. COVID-19 is exacerbating the issue as governments and businesses experiment with new technologies to track and contain the outbreak. These efforts are saving lives, but they also raise fears about intruding on privacy and exposing personal health data.
Privacy management is often seen as the responsibility of compliance and legal professionals, aided by the cybersecurity team. But more and more organizations are realizing that privacy is impacting stakeholders in just about every corner of the organization. Managing privacy risk brought on by location tracking requires a concerted effort that also includes human resources, operations, information security, communications and investor relations.
Privacy claims for location tracking subject to public and regulatory scrutiny
Did you know that having a weather app on your phone could mean your personal movements are tracked second by second and sold to third parties, even when you’re not using the app? That’s the basis of a 2019 lawsuit filed by the Los Angeles City Attorney’s office. The suit charges that the information on selling data to third parties was hidden in the privacy policy and privacy settings sections of the app, which “the vast majority of users” don’t read.2
Many companies that collect location data claim it doesn’t violate privacy because the data is anonymous, users consent to be tracked, and data is kept securely. But The New York Times investigation shows these claims don’t always hold up to legal or regulatory scrutiny. For example, pings showing a daily route from a house to an office easily identify a person.