We’ve written in the past about the dangers of location data, but recent headlines have once again highlighted its extremely problematic nature. The US Federal Communications Commission fined four mobile carriers $200 million for selling customers’ location data, and Google is paying a $62 million settlement in a class-action lawsuit alleging that it collected location data without consent.
Yes, precise location data is useful: It helps identify consumers who live near a store or retail location, measure foot traffic, geofence stores and produce award-winning marketing campaigns, and deliver location-based advertising. But it comes with a dark underbelly. As we’ve noted before, location data is inherently sensitive — you can’t anonymize data that literally follows you to your doctor appointments, your place of work, your place of worship, and your home. And these recent fines and settlements show that consent is fragile at best and nonexistent at worst.
Data Reselling And Complex Opt-Outs Land Companies In Hot Water
The mobile carriers’ response to the FCC fine exemplifies the challenges with location data. The FCC argues that the carriers — AT&T, Sprint, T-Mobile, and Verizon — sold location data to aggregators, which then resold the data to third parties. According to The Wall Street Journal report, the carriers believed the downstream companies would be in charge of obtaining consent before using the data, while Verizon framed the issue as one “bad actor” that it cut off from accessing customers’ location data.
Google’s case centered on the complexity of opt-out mechanisms that it presented to users who didn’t want Google to collect or store their location data. Disabling a “location history” setting did not, in fact, disable location history, as Google continued to collect location data nested under a separate “web and app activity” setting. If this sounds familiar, it’s because Google settled a similar suit with 40 US state attorneys general over the same settings.
Stop Buying Location Data — It’s Too Risky
The reality is that location data is never going to be squeaky-clean. Users share locations with apps for specific use cases, such as avoiding traffic jams or finding the closest coffee shop, and they can’t be reasonably expected to understand the myriad ways that their location data can be sold, resold, and repackaged. Our advice:
- For companies buying precise location data from third parties, it’s time to stop. The risks of regulatory fines, brand reputation damage, consumer backlash, and class-action lawsuits far outweigh the benefits.
- Collect location data in a first-party context, or settle for location proxies instead.
As always, we’re here to help. Request a guidance session with me to review your data strategy.