
Designing for Location Privacy

Finding A Balance Between Location Data Utility And Privacy Protection

As our digital footprint continues to deepen, so does the complexity of managing the privacy and protection of our personal data. One category of data raising a unique set of challenges is location data. While it offers valuable insights into movement patterns, it is necessary to find a balance between value extraction and privacy protection.

About the guest

Elizabeth Hein is the vice president of compliance and data protection at Foursquare. Originally from an international law background, her journey into privacy began as Global Trade Counsel at HP. In her current role at Foursquare, she is at the forefront of location data privacy protection, working with engineers, product teams, and other stakeholders to create products that uphold users’ data security.

Why Is Location Data Considered Sensitive?

The sensitivity of location data stems from its revealing nature – offering insight into a person’s whereabouts and visitation patterns. 

This can unveil ‘sensitive’ locations they frequent, such as religious institutions or healthcare facilities, potentially leading to personal profiling. These sensitive areas are not problematic in themselves, but their association with a person’s movement pattern can raise privacy concerns.

How to Protect Location Data Privacy

One of the ways to enhance user privacy is by adhering to privacy standards such as the Enhanced Standards for Precise Location Information. Under this standard, it is prohibited to share location data around certain locations that are viewed as sensitive, such as churches, cancer facilities, and abortion clinics. By adhering to such standards, businesses can prevent the misuse or wrongful sale of sensitive location data. Other methods for protecting the privacy of location data include:

Protecting Privacy by Blurring Information

Timestamps can be blurred as a measure to protect user privacy. Instead of providing the exact timestamp of when an individual visited a location (which may open avenues for privacy invasion), the time can be offset by adding or subtracting a certain number of hours. Further, shielding the exact XY location of a user and instead associating their location with a point of interest can enhance privacy protection. For instance, stating that a user was at a grocery store between noon and four o’clock safeguards privacy while still offering meaningful data insights.

Protecting Privacy Through Data Aggregation

Data aggregation is a process that combines data from multiple users, creating a new dataset that allows for insights about specific locations without exposing any individual’s movement pattern. By implementing a coarser resolution and analyzing broader areas with more individuals, personal privacy is maintained while still providing useful insights. One way of data aggregation is by using percentages of a total instead of reporting exact individual data. This ensures that meaningful insights are delivered without revealing any individual movement patterns.
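The blurring and aggregation steps described in the two sections above, as an added Python example; this is not code from the episode or from Foursquare, and the POI table, the four-hour window, the sensitive-category list and the minimum-visitor threshold are all constructed assumptions:

```python
# Added illustrative code, not Foursquare's: blur time, snap to POI, aggregate to shares.
from datetime import datetime, timedelta
from math import hypot

# Constructed POI table: name -> (x, y, category); coordinates are arbitrary units.
POIS = {
    "Grocery Store": (10.0, 10.0, "retail"),
    "City Park": (50.0, 50.0, "leisure"),
    "Corner Cafe": (70.0, 20.0, "food"),
    "Community Clinic": (30.0, 12.0, "healthcare"),  # sensitive category
}
SENSITIVE_CATEGORIES = {"healthcare", "religious"}  # never released, even aggregated
WINDOW_HOURS = 4   # width of the blurred time window (assumed)
MIN_VISITORS = 2   # assumed suppression threshold; smaller groups are not reported

def blur_timestamp(ts, window_hours=WINDOW_HOURS):
    """Replace an exact timestamp with the window containing it,
    e.g. 13:37 -> (12:00, 16:00); the precise visit time is never released."""
    start = ts.replace(minute=0, second=0, microsecond=0)
    start -= timedelta(hours=start.hour % window_hours)
    return start, start + timedelta(hours=window_hours)

def snap_to_poi(x, y, pois=POIS):
    """Replace an exact XY fix with the name of the nearest point of interest."""
    return min(pois, key=lambda n: hypot(x - pois[n][0], y - pois[n][1]))

def aggregate_visits(fixes, pois=POIS, min_visitors=MIN_VISITORS):
    """Turn per-user fixes (user_id, x, y, ts) into percentage shares per POI.
    Sensitive POIs are dropped and POIs with fewer than min_visitors distinct
    users are suppressed, so no single user's movements are exposed."""
    visitors = {}
    for user_id, x, y, _ts in fixes:
        poi = snap_to_poi(x, y, pois)
        if pois[poi][2] not in SENSITIVE_CATEGORIES:
            visitors.setdefault(poi, set()).add(user_id)
    kept = {p: len(u) for p, u in visitors.items() if len(u) >= min_visitors}
    total = sum(kept.values())
    return {p: round(100.0 * n / total, 1) for p, n in kept.items()} if total else {}

# Constructed sample fixes (user_id, x, y, timestamp); no real people or places.
SAMPLE_FIXES = [
    ("u1", 10.2, 9.8, datetime(2024, 5, 1, 13, 37)),
    ("u2", 9.7, 10.1, datetime(2024, 5, 1, 14, 5)),
    ("u3", 10.5, 10.4, datetime(2024, 5, 1, 15, 50)),
    ("u4", 49.0, 51.0, datetime(2024, 5, 1, 9, 15)),
    ("u5", 50.3, 49.6, datetime(2024, 5, 1, 18, 0)),
    ("u5", 51.0, 50.0, datetime(2024, 5, 2, 8, 30)),   # repeat visitor counted once
    ("u6", 69.5, 20.5, datetime(2024, 5, 1, 12, 0)),   # lone visitor: suppressed
    ("u7", 30.1, 12.2, datetime(2024, 5, 1, 11, 0)),   # clinic: never released
]
```

Running `aggregate_visits(SAMPLE_FIXES)` yields shares for the grocery store and the park only: the cafe falls below the visitor threshold and the clinic is excluded as a sensitive location.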

Working with Companies That Protect User Data

When purchasing data from companies, ensure that these companies have implemented stringent measures to protect user privacy. Key questions should include how the company acquires consent, audits their vendors, and safeguards data. A company’s commitment to user privacy must align with yours, and having someone knowledgeable in privacy is critical to user data protection. Collaborating with companies that share a similar dedication to user privacy will help maintain the safety and security of user data.

User Consent

The collection and use of location data should be based on informed user consent. It’s important to provide clear, concise, and easily understandable terms of use that explicitly state how location data will be collected, used, and shared.

Data Minimization

This principle involves only collecting the minimum amount of data needed to perform a specific function or service. For instance, a weather app may need to know a user’s general location to provide forecasts, but it doesn’t need to know their exact address.

Anonymization and Aggregation

To protect privacy, data should be anonymized or aggregated wherever possible. Aggregation involves combining data from multiple users to prevent individual identification, while anonymization removes personally identifiable information from the data.

Transparency

Companies should be open and transparent about their data collection, storage, and usage practices. Users should be informed about what data is collected, why it’s collected, how it’s used, and who it’s shared with.

Security

Location data can be sensitive, and it’s crucial to have robust security measures in place to protect this data from unauthorized access, data breaches, or misuse.

Purpose Limitation

The purpose limitation principle asserts that data should only be used for the purpose for which it was collected and that it should not be kept for longer than necessary.

Sensitive Locations

Certain locations, such as places of worship, medical facilities, or individual residences, are considered sensitive. There should be extra safeguards in place to protect data related to these locations.

Regulation Compliance

Companies collecting location data must comply with various laws and regulations like the General Data Protection Regulation (GDPR) in the EU, and other regional or sector-specific regulations.

Right to Erasure or Rectification

Users should have the right to correct their data if it’s incorrect and have their data erased if they no longer want a company to use it.

Data Protection by Design and Default

Data protection should be built into the product from the beginning, not as an afterthought. It includes considering privacy at the initial design stage of product development, and it should be the default setting.

Transparency and Consent in Location Data Use

Transparency and consent play significant roles in how companies handle and use location data. Companies should be transparent about what they are doing with the data and should understand the potential implications of using it. For instance, if a company is using location data to track user movements, it should recognize what that tracking could reveal and should ensure that users understand those implications as well.

Part of collecting user consent is ensuring that the user understands what they are consenting to. But given the complexity and inherent difficulty of explaining the collection and usage of data, obtaining informed consent can be challenging. 

Privacy notices are often lengthy, full of legal jargon, and are quickly overlooked by users. Many users agree to these notices without truly understanding what they’re consenting to. A big task lies in finding ways to translate the complexities of data collection and use into comprehensible language that makes users feel safe rather than intimidated.

Reframing the Good in Location Data

Due to reports of how location data has been misused in the past, many people today are skeptical about how companies that collect their data ultimately use it. Essentially, reframing location data’s benefits can be instrumental in obtaining consent. 

Location data has the potential to aid in many useful ways such as in disaster management, public health, urban planning, and more. Companies need to communicate that their interest is in deriving broader insights and patterns, not in spying on individuals. 

By emphasizing these positive aspects, they can reassure users about the value and benefits of data collection. However, conveying such complex ideas effectively in a few seconds remains an incredibly tough problem to solve.

Approaching Data Regulation Cautiously

Looking into the future, there is an expectation for more stringent regulation surrounding data collection and use. However, caution should be taken against categorizing entire types of data as sensitive. 

The focus should be on the potential harm from misuse of data rather than regulating the data itself. This echoes the sentiments of privacy professor Daniel Solove, who advocates for regulating data use rather than the data itself in his article “Data Is What Data Does: Regulating Use, Harm, and Risk Instead of Sensitive Data”.

Another challenge in regulating technology is that the pace of technological advancement often outstrips that of lawmaking. It is difficult to regulate something that hasn’t been invented yet, making it a continuous challenge for legislators.

Navigating these issues is no small task, but it’s essential to find solutions that prioritize the protection of individual privacy while still extracting the valuable insights that location data offers. It is a complex area, but one we must continue to address to ensure a balance between data utility and privacy.

If you want to learn more about POI data and why points of interest data are so hard, check out the episode called All of the Places in the World: https://mapscaping.com/podcast/all-of-the-places-in-the-world/

About the Author
I'm Daniel O'Donohue, the voice and creator behind The MapScaping Podcast (a podcast for the geospatial community). With a professional background as a geospatial specialist, I've spent years harnessing the power of spatial to unravel the complexities of our world, one layer at a time.