The Struggle to Confirm Consent with Location Data

It’s no secret that companies are interested in your location data: it is valuable, insightful, and can provide them with much needed information to grow their businesses. Whenever you pick up your phone, there is a good chance that your location is being used–whether it be for directions, weather, or coffee shop recommendations, your data is often needed to show you the most meaningful and effective live results. That’s not the end of it, after the user is done using an app, location data is then sent back to the developer and then passed on to data-vending companies. These companies sell your data, which can be repurposed in a variety of different ways (mostly to market to you). For example, location data from smartphones is how Google measures traffic density on a road.

Despite being effective for business purposes, the usage of location data raises many ethical considerations for the individual: ‘How is my data being collected? Will my privacy be respected? What measures are in place to protect my data?’ As seen in some cases, granular location data can reveal an individual’s whereabouts in terrifying detail and can even provide clues to a person’s identity. With this in mind, it is important for users to understand how their personal data is used and what power they have over how it is collected.

Huq, one of many data-vending companies, obtains location information from everyday applications on phones and sells this data to other companies. Recently, it was revealed that some of the apps where data is collected from were unable to verify if users had given consent for data collection, and possibly collected data they did not have permission for in the first place. Being the middleman in the data collecting process, it is difficult for Huq to verify whether app developers have taken the proper steps in asking for the users’ consent when collecting location data. Turns out, this exact situation has happened. One app, which measures wifi strength, and another, which scanned barcodes, had failed to properly ask for consent from its users. In response, Huq maintained that respecting privacy and consent of users was one of their top priorities.