This page contains a Flash digital edition of a book.
VitAL MANAGEMENT


B


USINESSESARE now better equipped than ever to deliver services based


on a person’s location. Applications using this data already abound, and the number will only grow over time. The law in this area is also evolving and back in May 2011, the EU’s national privacy regulators put their heads together to come up with a detailed guidance note on the issue. With this in mind it is worth looking at the current position so that location data can be used legally and with confidence.


Pinpointing the data Before delving into the legal issues, it is worth clarifying that location data enables the geographic pinpointing of a device – such as a smartphone, computer tablet or telematics device in a car. However, in most situations it is not the device itself that businesses are interested in – it’s the person using it.


There are three main ways of using modern technology to capture location data. GPS systems are driven by a network of geo- stationary satellites, each broadcasting radio signals of its position and time. When a device with a GPS chip picks up enough of these signals, its coordinates on the globe can be calculated very precisely.


Mobile phone-based station data is another way of calculating locations. Mobile phone networks are divided up into geographic areas, which are monitored by one or more overlapping base stations. Each phone has a separate ID, and as it moves around with its user, it continually monitors the available base stations for their relative signal strengths. As a result, a stream of data is collected by the network, which can be used to work out where the user is. In a similar way, both commercial and


domesticWi-Fi access points can also be used to calculate a person’s whereabouts. Wi-Fi enabled products, such as smartphones and laptops, continually search for suitable signals, which, if compared to a known database of Wi-Fi access points, can be used to pinpoint where the device and its user are. The most sophisticated applications can combine all of these sources of location


www.vital-mag.net


data in real time to obtain the most accurate picture possible.


Know the law There are two main pieces of legislation in the UK that businesses need to be aware of when using location data. Firstly, the Privacy and Electronic Communications Regulations 2003 (PECRs), which were recently amended following EU reforms and cover a wide range of issues. With regards to location data, they predominantly set rules for telecoms companies, but these rules have a knock-on effect for other users of location data. Secondly, the Data Protection Act 1998


(DPA), which, as many businesses will be aware, regulates the use of personal data. Personal data has a specific statuary meaning, but legal guidance on this issue has stretched the definition so that it is now very broad. So what are the key steps in using location data that companies need to consider?


1. Stop and reflect


In most instances, it should be fairly clear to businesses whether or not they are using location data. However, it is wise to be wary of cases of incidental use. For example, businesses providing hosting or development services to a client who has location-based applications will have access to this data, even if they don’t intend on using it directly for their own business. Companies in such a situation need to proceed carefully.While incidental use may help mitigate any breach, it won’t allow them to duck compliance issues altogether.


2. Consider the source The origin of location data determines the steps required to achieve legal compliance. It might come direct from end-user devices, telecoms providers and/or from third parties, or perhaps all three.


3. What is being collected? There are very few applications that actually collect ‘pure’ geographic location data in the sense of latitude and longitudes. Instead, they collect information which enables locations to be calculated. Whatever data businesses collect, they need to identify exactly


March / April 2012 : VitAL 23


If businesses are based and operating in the UK, then they need to comply with the DPA. However, if companies and their servers are in a number of different countries, they may need to familiarise themselves with the laws of each of those countries and act accordingly.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68