Privacy Practices for User Location

Just a decade or two ago, it would have seemed bizarre to suggest that everyone would soon be carrying a device in their pocket that logs their movements and broadcasts their location. With the advent of mobile technology, that vision has basically become a reality.

But the fact is that location tracking can be a useful and desirable feature of many apps. Used wisely, it can be an unintrusive means to provide valuable services and relevant information. But, used carelessly, it can represent a significant threat to privacy.

If you're hoping to use location data as part of your app, following these steps will help you meet your legal and contractual obligations while protecting your users.


Location Data and Privacy Law

It seems reasonable to claim that people have a right not to have their movements observed and logged by third parties. This right should be compatible with owning a mobile phone, which is close to essential in the modern world.

The reality is that, from a legal perspective, people only have this right in certain circumstances, and in certain places.

Monitoring user location does fall under the scope of many privacy laws. But privacy law varies considerably from place to place. App developers need to pay close attention to these laws.

And it's important to note that if you have users outside of your company's home country (for example, if you're a US company whose app is available in the EU), you might also need to obey the laws of the countries in which your users are based.

United States Laws

The US has relatively weak privacy laws. There is no comprehensive federal privacy law. Instead, there's a patchwork of different laws that apply in various contexts.

The following US laws could apply to location tracking:

  • The California Online Privacy Protection Act (CalOPPA) requires websites and apps to provide a Privacy Policy if they collect personal information from California residents. However, it's debatable whether the Act deems location data to be a type of personal information.
  • The Federal Trade Commission issues guidance on privacy practices, including location tracking. Although this guidance is not legally binding, the FTC has used trade law to stop companies covertly tracking user location.
  • The Children's Online Privacy Protection Act (COPPA) regulates the tracking of children's behavior. The providers of the video networking app TikTok were fined $5.7 million in February 2019 under COPPA for collecting the location data (and other personal information) of children without parental consent.

European Union Laws

The EU has the strictest privacy laws in the world. The General Data Protection Regulation (GDPR) sets the rules for the processing of personal information in all aspects of business and public life.

Here's what you need to know about the GDPR:

  • It applies to all companies based in the EU. It also applies to non-EU companies offering goods and services or monitoring the behavior of people in the EU. So if you provide an app that's available to EU users, you must comply with the GDPR.
  • It defines personal information ("personal data") in a very broad way, meaning that location data and other information such as IP addresses and cookies are covered.
  • It places strict obligations on companies to provide transparent information and earn consent (where appropriate) when they collect personal information. It also regulates the storage, sharing, and transfer of personal information.

Each country of the EU (including the UK) has its own version of the GDPR and has its own Data Protection Authority responsible for enforcing it. These Data Protection Authorities can impose substantial fines on companies who break the rules - up to 4 percent of annual turnover or €20 million.

Laws of Other Places

Many other countries have laws that will impact on your ability to collect location data from people living there.

  • In Australia, the federal Privacy Act of 1998 sets the rules for companies with a turnover of AUD 3 million or higher. Location data is likely to fall under the scope of the Privacy Act, and full disclosure of location-tracking practices via a Privacy Policy would be required.
  • In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) regulates privacy at the federal level. The Act provides a broad definition of personal information, and the Office of the Privacy Commissioner suggests that apps should not track user location unless it is totally necessary and the user has given their informed consent.
  • In South Africa, the Protection of Personal Information Act (POPI Act) sets standards of privacy at a level of strictness comparable to the EU.

Location Data and Third-Party Agreements

It's quite clear that there's a legal obligation to exercise caution when using location data. But you don't even have to look to national law for this obligation.

Apps aren't created in isolation. The chances are that you'll be relying on the technology or distribution platforms of third-party companies such as Apple or Google when developing and distributing your app.

These third parties have strict requirements on how developers collect location data and other personal information from their users.

Google (Android)

Developers who create apps using the Android Software Development Kit (SDK) are subject to Terms and Conditions that constitute a license agreement for the product.

Use of the Android SDK is conditional on agreement with these terms, and violating the terms amounts to a breach of contract with Google.

Here's an important excerpt from the Android SDK Terms and Conditions:

Android Developer Terms and Conditions: Clause to agree to protect the privacy and legal rights of users

This clause requires anyone using the Android SDK to respect privacy rights, protect personal information, and provide a legally-compliant Privacy Policy.

A similar provision exists in the Google Play Developer Distribution Agreement.

This is a legally-binding contract with which you must agree before you can get your app hosted in the Google Play Store.

Here's the relevant part of the agreement:

Google Play Developer Distribution Agreement: Clause requiring protecting privacy rights and providing privacy notice

Note that in addition to the stipulations regarding obeying privacy law, the agreement also limits the use of personal information (such as location data) to those purposes for which a user has given permission for it to be used.

So if your app uses location data, you must ask a user's permission for this, and this permission is only to be requested in connection with a specific purpose.

Google has shown that it won't hesitate to remove apps from its platform if developers violate its policies.

Apple (iOS)

Respect for privacy is increasingly treated as a unique selling point by Apple. Whilst they are often more expensive than Google products, Apple products are less focused on collecting personal information and building a profile of users for marketing purposes.

This means that Apple is very strict about what it will allow developers to do on its platform.

First, let's look at the Xcode and Apple SDKs Agreement. This contract is in place between Apple and all developers of apps using an Apple proprietary SDK.

This agreement makes extensive reference to the use of location data. The use of location data is prohibited altogether for some purposes:

Apple SDK Agreement: Location-based APIs and services clause

Apple also places a specific requirement on developers to obtain consent from a user before their location data can be collected:

Apple SDK Agreement: Apple Maps Service - Location Accuracy clause

Needless to say, developers must obey the law. Apple even makes specific reference to "location service laws":

Apple SDK Agreement: Compliance with Laws clause

Apple's App Store Review Guidelines, an agreement which governs the terms on which an app may be distributed to the billion-plus App Store users, also makes specific reference to location data:

Apple App Store Review Guidelines: Legal - Location Services clause

Location data must be used restrictively and only with consent.

You may have already guessed that the App Store Review Guidelines require full compliance with privacy law. In this respect, the guidelines are particularly specific.

The guidelines require all apps to be accompanied by a Privacy Policy:

Apple App Store Review Guidelines: Clause for Data Collection and Storage

Where consent cannot be obtained in respect of a specific device permission, the app must offer alternative solutions that still allow the user to meaningfully use the app:

Apple App Store Review Guidelines: Clause for Data Collection and Storage - Alternative Access clause

Failure to comply with the rules around location data could lead to your app being removed from the App Store. In May 2018, the Apple news website 9to5 Mac reported that Apple was purging apps from the platform that it accused of sharing location data without consent.

Best Practices for User Location

Broadly speaking, there are two things you need to do before you can access location data via a user's device.

  • Create a Privacy Policy that explains how you use location data
  • Request consent within your app

You also need to consider whether your app requires location data, and how accurate it needs to be. The greater the accuracy with which you are able to determine the location of a device, the greater the risk to a person's privacy.

Create a Privacy Policy

A Privacy Policy should let your users know all about how and why you collect personal information, including location data.

Full transparency is required. When it comes to location data, you need to let your users know:

  • How you use location data
  • Why you use it
  • Under what conditions you'll use it
  • How they can stop you

A Privacy Policy must use clear and simple language. Here's an example from Uber. Uber provides a plain-language summary of each section of its Privacy Policy alongside a more detailed version.

Here's the summary:

Uber Privacy Notice: Data collections and uses summary with location data highlighted

And here's the longer explanation:

Uber Privacy Notice: Data created during use of services clause - Location section

Note the highlighted section. Uber users can refuse the processing of their location data and manually enter an address instead, but this will affect how the Uber app functions.

The purpose of collecting user location data is obvious for an app like Uber. Other apps use location data in different ways. Full transparency is essential.

Here's a relevant section of Facebook's Privacy Policy:

Facebook Data Policy: How we use location-related information clause

Facebook also provides further information about its use of location data in its Privacy Basics guidance:

Facebook Privacy Basics: Screenshot of Location page

How to Create a Privacy Policy for Your Mobile App

TermsFeed Privacy Policy Generator: How to Create a Privacy Policy for Your Mobile App

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your website. Just follow these steps:

  1. Click on the "Privacy Policy Generator" button.
  2. At Step 1, select the App option and click "Next step":

     TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  3. Answer the questions about your mobile app and click "Next step" when finished:

     TermsFeed Privacy Policy Generator: Answer questions about Mobile App - Step 2

  4. Answer the questions about your business practices and click "Next step" when finished:

     TermsFeed Privacy Policy Generator: Answer questions about business practices - Step 3

  5. Enter your email address where you'd like your policy sent, select translation versions and click "Generate."

     TermsFeed Privacy Policy Generator: Enter your email address - Step 4

     You'll be able to instantly access and download your new Privacy Policy.


Get Consent

As we've seen, consent is an important part of many privacy laws. It's also an integral part of the agreements you sign up to when developing and publishing your app.

It's essential that you get permission for using location data. Permissions work differently on different mobile operating systems.

Android

Android developers can access two types of location data, which provide different levels of accuracy:

  • Coarse - Coarse location is determined by using WiFi and mobile data. User location can be pinpointed to within roughly a city block. Access to coarse location data requires the coarse location permission string to be added to the app manifest.
  • Fine - Fine location is determined by using GPS data in addition to mobile and WiFi data. This allows for more accurate geolocation. Access to fine location data also has a corresponding fine location permission string.

Google provides some guidance on implementing these permission requests:

Android Developers documentation: Guidance to specify app permissions for location

You should think carefully about whether your app should request access to coarse or fine location data. Fine location data will not be necessary for every purpose.

It's important to note, however, that both permissions are classed as "dangerous" permissions by Google. You can read more about the different categories of permission in our article Android Collection of Data and Sensitive Data.

Google also provides the following advice about how and when to request access to location data:

Google Maps Platform documentation: Request runtime permissions - Location section

All requests for the location permission should be accompanied or preceded by an explanation of why the permission is needed.

Here's an example from the Stagecoach bus app for Android:

Stagecoach bus app: Access permissions screen

And here's how the MyTaxi app handles this. Before triggering the location permission request, MyTaxi provides this explanation of why this access is required:

MyTaxi app: Continue - Access location permissions screen

Tapping "Continue" brings up the actual permission request:

MyTaxi app: Access location permissions screen with allow and deny options

Research from Carnegie Mellon indicates that users are much more likely to agree to app permission requests if the reason for the request has been properly explained.
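As an added illustration of the choices described above (coarse rather than fine location where a city block is enough, an explanation shown before the system dialog, and a usable fallback on denial), here is a hypothetical Android activity in Kotlin. It is example code written for this article, not code from Google's documentation or from any app named here; the activity name, button, dialog text and the two feature methods are assumptions.

```kotlin
// AndroidManifest.xml (assumed): declare only the precision you need, e.g.
//   <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
import android.Manifest
import android.content.pm.PackageManager
import android.os.Bundle
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AlertDialog
import androidx.appcompat.app.AppCompatActivity
import androidx.core.content.ContextCompat

// Hypothetical screen listing bus stops near the user; a city-block fix is enough,
// so it asks for ACCESS_COARSE_LOCATION only (add ACCESS_FINE_LOCATION only if needed).
class NearbyStopsActivity : AppCompatActivity() {
    private val wanted = arrayOf(Manifest.permission.ACCESS_COARSE_LOCATION)

    // AndroidX Activity Result launcher for the system permission dialog; the callback
    // receives a map of permission name -> granted.
    private val permissionLauncher =
        registerForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) { result ->
            if (result[Manifest.permission.ACCESS_COARSE_LOCATION] == true) {
                showNearbyStops()
            } else {
                // Denial is a valid answer: keep the app usable without location.
                showManualStopSearch()
            }
        }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // Deliberately no permission request here: ask only when the feature is used.
    }

    // Wired to the "Find stops near me" button (hypothetical UI).
    fun onFindNearbyTapped() {
        if (hasPermission(Manifest.permission.ACCESS_COARSE_LOCATION)) showNearbyStops() else explainThenRequest()
    }

    private fun hasPermission(permission: String): Boolean =
        ContextCompat.checkSelfPermission(this, permission) == PackageManager.PERMISSION_GRANTED

    // Our own explanation shown before the system dialog, like the MyTaxi flow above.
    private fun explainThenRequest() {
        AlertDialog.Builder(this)
            .setTitle("Use your approximate location?")
            .setMessage("We use your approximate location only while you search, to list stops " +
                "within a few blocks. You can type a stop name instead.")
            .setPositiveButton("Continue") { _, _ -> permissionLauncher.launch(wanted) }
            .setNegativeButton("Not now") { _, _ -> showManualStopSearch() }
            .show()
    }

    private fun showNearbyStops() { /* query stops around a coarse fix */ }
    private fun showManualStopSearch() { /* text search; no location used */ }
}
```

Because the manifest declares only the coarse permission, the system dialog can never hand the app a precise fix, which keeps the data collected in line with what the Privacy Policy discloses.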

iOS

Apple gives users more control over how apps collect location data from their devices.

There are two ways in which Apple users can authorize an app to provide location access.

  • Always authorization - The app can collect location data in the background. iOS will periodically remind the user that the app is doing so.
  • When-In-Use authorization - The app will only collect location data in the foreground, when the app is in use.

Here's how an Apple user-facing support document explains this distinction:

Apple Support: About Privacy and Location Services - Give Location Permission section

Here's how the two-tier permission request looks on an iPhone, from Apple's Human Interface Guidelines:

Apple Developer Human Interface Guidelines: Example of iPhone Requesting Location Permissions

Apple also provides guidance for developers on how to request Always authorization and When-In-Use authorization.

Developers should be mindful of this distinction when designing their iOS app. It's advisable to design your app in such a way that background location access is not required. That way, if a user rejects this permission request, your app can still function in a usable way.

Users are also able to adjust location settings at any time through individual app settings, such as this example from the Yelp app. Note how an explanation at the bottom of the menu describes the different levels of permission:

Yelp iOS app: Location access permissions menu

Apple's Human Interface Guidelines offer some advice about how and when to request location permission. Key takeaways include:

  • Only request a permission at app launch if it's necessary for the core functioning of your app. So whereas a run-tracking app might request location access at launch, a voucher codes app might not need to do so until the user wants to search for local deals.
  • Don't use custom prompts. Stick to the default alert for requesting location access.
  • Always provide a purpose string to explain the reason for your location permission request. Apple's guidance on Accessing Protected Resources will help you create a purpose string.

Summary

The lesson is clear. If your app accesses location data but you don't respect your users' privacy, it won't be long before it is removed from circulation, or, worse yet, you have legal issues to deal with.

Here's how to use location data the right way:

  • Know the law that applies to you and your users
  • Understand the agreements you have in place with third parties
  • Consider whether you actually need access to user location, and how much accuracy you really require
  • Create a Privacy Policy that discloses your use of location data
  • Request consent, and explain your reasons for doing so

Robert B.

Legal writer.

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.