Just a decade or two ago, it would have seemed bizarre to suggest that everyone would soon be carrying a device in their pocket that logs their movements and broadcasts their location. With the advent of mobile technology, that vision has basically become a reality.
But the fact is that location tracking can be a useful and desirable feature of many apps. Used wisely, it can be an unintrusive means to provide valuable services and relevant information. But, used carelessly, it can represent a significant threat to privacy.
If you're hoping to use location data as part of your app, following these steps will help you meet your legal and contractual obligations while protecting your users.
Location Data and Privacy Law
It seems reasonable to claim that people have a right not to have their movements observed and logged by third parties. This right should be compatible with owning a mobile phone, which is close to essential in the modern world.
The reality is that, from a legal perspective, people only have this right in certain circumstances, and in certain places.
Monitoring user location does fall under the scope of many privacy laws. But privacy law varies considerably from place to place. App developers need to pay close attention to these laws.
And it's important to note that if you have users outside of your company's home country (for example, if you're a US company whose app is available in the EU), you might also need to obey the laws of the countries in which your users are based.
United States Laws
The US has relatively weak privacy laws. There is no comprehensive federal privacy law. Instead, there's a patchwork of different laws that apply in various contexts.
The following US laws could apply to location tracking:
- The Federal Trade Commission issues guidance on privacy practices, including location tracking. Although this guidance is not legally binding, the FTC has used trade law to stop companies covertly tracking user location.
- The Children's Online Privacy Protection Act (COPPA) regulates the tracking of children's behavior. The providers of the video networking app TikTok were fined $5.7 million in February 2019 under COPPA for collecting the location data (and other personal information) of children without parental consent.
European Union Laws
The EU has the strictest privacy laws in the world. The General Data Protection Regulation (GDPR) sets the rules for the processing of personal information in all aspects of business and public life.
Here's what you need to know about the GDPR:
- It applies to all companies based in the EU. It also applies to non-EU companies offering goods and services or monitoring the behavior of people in the EU. So if you provide an app that's available to EU users, you must comply with the GDPR.
- It defines personal information ("personal data") in a very broad way, meaning that location data and other information such as IP addresses and cookies are covered.
- It places strict obligations on companies to provide transparent information and earn consent (where appropriate) when they collect personal information. It also regulates the storage, sharing, and transfer of personal information.
Each country of the EU (including the UK) has its own version of the GDPR and has its own Data Protection Authority responsible for enforcing it. These Data Protection Authorities can impose substantial fines on companies that break the rules - up to 4 percent of annual turnover or €20 million.
Laws of Other Places
Many other countries have laws that will affect your ability to collect location data from people living there.
- In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) regulates privacy at the federal level. The Act provides a broad definition of personal information, and the Office of the Privacy Commissioner suggests that apps should not track user location unless it is totally necessary and the user has given their informed consent.
- In South Africa, the Protection of Personal Information Act (POPI Act) sets standards of privacy in South Africa at a level of strictness comparable to the EU.
Location Data and Third-Party Agreements
It's quite clear that there's a legal obligation to exercise caution when using location data. But you don't even have to look to national law for this obligation.
Apps aren't created in isolation. The chances are that you'll be relying on the technology or distribution platforms of third-party companies such as Apple or Google when developing and distributing your app.
These third parties have strict requirements on how developers collect location data and other personal information from their users.
Developers creating apps with the Android Software Development Kit (SDK) are subject to Terms and Conditions that constitute a license agreement for the product.
Use of the Android SDK is conditional on agreement with these terms, and violating the terms amounts to a breach of contract with Google.
Here's an important excerpt from the Android SDK Terms and Conditions:
A similar provision exists in the Google Play Developer Distribution Agreement.
This is a legally-binding contract with which you must agree before you can get your app hosted in the Google Play Store.
Here's the relevant part of the agreement:
Note that in addition to the stipulations regarding obeying privacy law, the agreement also limits the use of personal information (such as location data) to those purposes for which a user has given permission for it to be used.
So if your app uses location data, you must ask a user's permission for this, and this permission is only to be requested in connection with a specific purpose.
Google has shown that it won't hesitate to remove apps from its platform if developers violate its policies.
Respect for privacy is increasingly treated as a unique selling point by Apple. Whilst they are often more expensive than Google products, Apple products are less focused on collecting personal information and building a profile of users for marketing purposes.
This means that Apple is very strict about what it will allow developers to do on its platform.
First, let's look at the Xcode and Apple SDKs Agreement. This contract is in place between Apple and all developers of apps using an Apple proprietary SDK.
This agreement makes extensive reference to the use of location data. The use of location data is prohibited altogether for some purposes:
Apple also places a specific requirement on developers to obtain consent from a user before their location data can be collected:
Needless to say, developers must obey the law. Apple even makes specific reference to "location service laws":
Apple's App Store Review Guidelines, an agreement which governs the terms on which an app may be distributed to the billion-plus App Store users, also makes specific reference to location data:
Location data must be used restrictively and only with consent.
You may have already guessed that the App Store Review Guidelines require full compliance with privacy law. In this respect, the guidelines are particularly specific.
Where consent cannot be obtained in respect of a specific device permission, the app must offer alternative solutions that still allow the user to meaningfully use the app:
Failure to comply with the rules around location data could lead to your app being removed from the App Store. In May 2018, the Apple news website 9to5Mac reported that Apple was purging apps from the platform that it accused of sharing location data without consent.
Best Practices for User Location
Broadly speaking, there are two things you need to do before you can access location data via a user's device.
- Request consent within your app
You also need to consider whether your app requires location data, and how accurate it needs to be. The greater the accuracy with which you are able to determine the location of a device, the greater the risk to a person's privacy.
Full transparency is required. When it comes to location data, you need to let your users know:
- How you use location data
- Why you use it
- Under what conditions you'll use it
- How they can stop you
Here's the summary:
And here's the longer explanation:
Note the highlighted section. Uber users can refuse the processing of their location data and manually enter an address instead, but this will affect how the Uber app functions.
The purpose of collecting user location data is obvious for an app like Uber. Other apps use location data in different ways. Full transparency is essential.
Facebook also provides further information about its use of location data in its Privacy Basics guidance:
As we've seen, consent is an important part of many privacy laws. It's also an integral part of the agreements you sign up to when developing and publishing your app.
It's essential that you get permission for using location data. Permissions work differently on different mobile operating systems.
Android developers can access two types of location data, which provide different levels of accuracy:
- Coarse - Coarse location is determined by using WiFi and mobile data. User location can be pinpointed to within roughly a city block. Access to coarse location data requires the coarse location permission string to be added to the app manifest.
- Fine - Fine location is determined by using GPS data in addition to mobile and WiFi data. This allows for more accurate geolocation. Access to fine location data also has a corresponding fine location permission string.
Google provides some guidance on implementing these permission requests:
You should think carefully about whether your app should request access to coarse or fine location data. Fine location data will not be necessary for every purpose.
It's important to note, however, that both permissions are classed as "dangerous" permissions by Google. You can read more about the different categories of permission in our article Android Collection of Data and Sensitive Data.
Google also provides the following advice about how and when to request access to location data:
All requests for the location permission should be accompanied or preceded by an explanation of why the permission is needed.
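As an added example that is not from the original article or from Google's documentation, here is one way to apply that advice on Android in Java: request only the coarse permission, and only when the feature needs it, show a purpose explanation before the system dialog, and fall back to manual entry when the user declines. The class and helper names are hypothetical, and the code assumes AndroidX libraries.

```java
// Added example, not from the article: request only ACCESS_COARSE_LOCATION, explain why
// first, and degrade gracefully on denial. Assumes AndroidX and a manifest declaring
// <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />.
import android.Manifest;
import android.content.pm.PackageManager;
import androidx.annotation.NonNull;
import androidx.appcompat.app.AlertDialog;
import androidx.appcompat.app.AppCompatActivity;
import androidx.core.app.ActivityCompat;
import androidx.core.content.ContextCompat;

public class NearbyDealsActivity extends AppCompatActivity {
    private static final int REQUEST_COARSE_LOCATION = 1001;

    // Called when the user taps "Find deals near me", not at launch: location is not
    // needed for the app's core function, so the request is deferred to the point of use.
    void onFindNearbyDealsTapped() {
        if (ContextCompat.checkSelfPermission(this, Manifest.permission.ACCESS_COARSE_LOCATION)
                == PackageManager.PERMISSION_GRANTED) {
            searchDealsNearDevice();
            return;
        }
        // Explain the purpose before the system dialog appears; the explanation is shown
        // on every request, including a repeat request after an earlier denial.
        new AlertDialog.Builder(this)
                .setTitle("Use your approximate location?")
                .setMessage("We use your approximate (city-block) location only to show deals "
                        + "near you. It is not stored or shared. You can type a town instead.")
                .setPositiveButton("Continue", (d, w) -> ActivityCompat.requestPermissions(
                        this, new String[]{Manifest.permission.ACCESS_COARSE_LOCATION},
                        REQUEST_COARSE_LOCATION))
                .setNegativeButton("Enter a town", (d, w) -> promptForTownName())
                .show();
    }

    @Override
    public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions,
                                           @NonNull int[] grantResults) {
        super.onRequestPermissionsResult(requestCode, permissions, grantResults);
        if (requestCode != REQUEST_COARSE_LOCATION) return;
        if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
            searchDealsNearDevice();
        } else {
            promptForTownName(); // denial must not break the feature: manual entry fallback
        }
    }

    void searchDealsNearDevice() { /* hypothetical: query deals by coarse location */ }
    void promptForTownName()    { /* hypothetical: show a text field for a town name */ }
}
```

Requesting the fine permission instead would only be justified if city-block accuracy were genuinely insufficient for the feature.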
Here's an example from the Stagecoach bus app for Android:
And here's how the MyTaxi app handles this. Before triggering the location permission request, MyTaxi provides this explanation of why this access is required:
Tapping "Continue" brings up the actual permission request:
Research from Carnegie Mellon indicates that users are much more likely to agree to app permission requests if the reason for the request has been properly explained.
Apple gives users more control over how apps collect location data from their devices.
There are two ways in which Apple users can authorize an app to provide location access.
- Always authorization - The app can collect location data in the background. iOS will periodically remind the user that the app is doing so.
- When-In-Use authorization - The app will only collect location data in the foreground, when the app is in use.
Here's how an Apple user-facing support document explains this distinction:
Here's how the two-tier permission request looks on an iPhone, from Apple's Human Interface Guidelines:
Apple also provides guidance for developers on how to request Always authorization and When-In-Use authorization.
Developers should be mindful of this distinction when designing their iOS app. It's advisable to design your app in such a way that background location access is not required. That way, if a user rejects this permission request, your app can still function in a usable way.
Users are also able to adjust location settings at any time through individual app settings, such as this example from the Yelp app. Note how an explanation is added at the bottom of the menu to help explain more about levels of permission:
Apple's Human Interface Guidelines offer some advice about how and when to request location permission. Key takeaways include:
- Only request a permission at app launch if it's necessary for the core functioning of your app. So whereas a run-tracking app might request location access at launch, a voucher codes app might not need to do so until the user wants to search for local deals.
- Don't use custom prompts. Stick to the default alert for requesting location access.
- Always provide a purpose string to explain the reason for your location permission request. Apple's guidance on Accessing Protected Resources will help you create a purpose string.
The lesson is clear. If your app accesses location data but you don't respect your users' privacy, it won't be long before it is removed from circulation, or, worse yet, you have legal issues to deal with.
Here's how to use location data the right way:
- Know the law that applies to you and your users
- Understand the agreements you have in place with third parties
- Consider whether you actually need access to user location, and how much accuracy you really require
- Request consent, and explain your reasons for doing so