Privacy Notes: Geofencing and Guidelines for LBS Developers
by C. Enrique Ortiz, July 2004. Updated on September 29th, 2004
Location-based applications can bring many benefits to business processes. But poorly used or mismanaged, they can become a major area of concern. In this essay I will cover some background information on location-based applications, some privacy concerns, and finally some guidelines that designers and developers of location-based software should consider.
Generally, location-based applications have been adopted at a much slower rate than anticipated. One space, the monitoring of employees in the field, seems to have quite a bit of traction.
Monitoring can be either passive or active. Passive monitoring is when a client device in the field transmits its location coordinates to a server, and reports are generated on demand, for example to determine who should be dispatched to a particular job based on his/her location (i.e. distance from the job). Active monitoring is where monitoring is automated and alerts go off if some location-specific conditions are met, for example, when someone enters or leaves a predetermined region. The technique for defining this area of active monitoring is called geo-fencing. Geo-fencing is a software feature found in location-based systems that provides the ability to (visually) define (on a map) a boundary, such as a 4-point geographic boundary or a radius, that marks the areas of "normal" or expected operation for assets such as vehicles, or even employees. Below is an example of a geo-fence:

"Items" that are monitored are constantly transmitting their
location (coordinates) that are typically gathered using GPS, but other
technologies such as RFIDs can be used to determine location.
Coordinates are then transmitted, together with other information, to a
server on the Internet. Back to geofencing, the
defined boundaries are then automatically monitored by software and if crossed, an alert is
fired. These alerts can be defined such that an individual person or other
asset can be tracked with great granularity, providing great detail on
the whereabouts of "assets". Monitoring people's location is
obviously an area of concern, but this automatic monitoring is of even
greater concern, as it can be mismanaged, intentionally or not.
As a person who has been involved in the design and development of location-based solutions, I understand the
benefits of geofencing, especially for tracking expensive and/or
sensitive assets such as vehicles, (perishable) merchandise, or similar.
But if applied to people, it MUST be properly managed,
otherwise the use of this technology becomes a serious (privacy)
concern.
Because of these concerns, tracking people's location must be justified, and tracking should mainly be limited to assets that are not people. But if people must be tracked, designers and developers of location-based applications should consider the following guidelines:
- Present a privacy note: the user must be notified that the application collects, records and transmits personal (location) information.
- This privacy notice must be properly localized (i.e. right language for the particular country) and must be explicit.
- This privacy notice must be displayed and acknowledged at least once (probably the first time the application is used). This acknowledgement must be recorded.
- This privacy notice should be re-displayed every once in a while, let's say once a month, or once a quarter, or at some configurable interval, but the notice should never be disabled.
- The client application must provide the means to turn off "location tracking" at ANY time. Always give the device-user the ultimate decision for being tracked or not!
- Location information and other personal information, if stored on the device, must be safeguarded: 1) not accessible by other programs or entities, and 2) possibly encrypted.
- Location information and other personal information, if transmitted, must be properly encrypted.
- And if stored on the server, must be totally safeguarded.
- If possible, use passive tracking.
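One way a client could enforce the notice, acknowledgement and opt-out guidelines above before a location fix is evaluated against a radius geo-fence, as an added example that is not code from the original essay. The class name `ConsentGatedTracker`, the 30-day default re-display interval and the on-device fence check are assumptions made for illustration.

```python
import math
from datetime import datetime, timedelta

EARTH_RADIUS_M = 6371000.0

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

class ConsentGatedTracker:
    """Hypothetical client-side gate: a fix is processed only with a current,
    recorded acknowledgement and with the user's tracking switch on."""

    def __init__(self, fence_center, fence_radius_m, notice_interval=timedelta(days=30)):
        self.fence_center = fence_center        # (lat, lon) of a radius geo-fence
        self.fence_radius_m = fence_radius_m
        self.notice_interval = notice_interval  # configurable, but never disabled
        self.ack_log = []                       # recorded acknowledgement timestamps
        self.tracking_on = True                 # switch controlled by the device user
        self.inside = None                      # last known fence state

    def acknowledge_notice(self, now):
        self.ack_log.append(now)                # the acknowledgement is recorded

    def notice_due(self, now):
        return not self.ack_log or now - self.ack_log[-1] >= self.notice_interval

    def report(self, lat, lon, now):
        """Return 'notice', 'suppressed', 'enter', 'exit' or 'ok'."""
        if self.notice_due(now):
            return "notice"                     # show the notice before any tracking
        if not self.tracking_on:
            self.inside = None                  # drop state so no stale alert fires later
            return "suppressed"                 # fix is discarded, nothing is transmitted
        inside = haversine_m(lat, lon, *self.fence_center) <= self.fence_radius_m
        prev, self.inside = self.inside, inside
        if prev is not None and prev != inside:
            return "enter" if inside else "exit"  # boundary crossed: alert condition
        return "ok"
```

Clearing the fence state while tracking is off means that switching tracking back on does not produce an alert derived from movements made during the opt-out period.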
When designing and coding software, let's be proactive, and respect the basic rules of privacy...
See:
- Geofencing may keep employees in check, but they might not stick around (InfoWorld)
- Micro-management with GPS/cellphone (Engadget)