19 February 2020
Just a decade or two ago, it would have seemed bizarre to suggest that everyone would soon be carrying a device in their pocket that logs their movements and broadcasts their location. With the advent of mobile technology, that vision has basically become a reality.
But the fact is that location tracking can be a useful and desirable feature of many apps. Used wisely, it can be an unintrusive means to provide valuable services and relevant information. But, used carelessly, it can represent a significant threat to privacy.
If you're hoping to use location data as part of your app, following these steps will help you meet your legal and contractual obligations while protecting your users.
It seems reasonable to claim that people have a right not to have their movements observed and logged by third parties. This right should be compatible with owning a mobile phone, which is close to essential in the modern world.
The reality is that, from a legal perspective, people only have this right in certain circumstances, and in certain places.
Monitoring user location does fall under the scope of many privacy laws. But privacy law varies considerably from place to place. App developers need to pay close attention to these laws.
And it's important to note that if you have users outside of your company's home country (for example, if you're a US company whose app is available in the EU), you might also need to obey the laws of the countries in which your users are based.
The US has relatively weak privacy laws. There is no comprehensive federal privacy law. Instead, there's a patchwork of different laws that apply in various contexts.
The following US laws could apply to location tracking:
The EU has the strictest privacy laws in the world. The General Data Protection Regulation (GDPR) sets the rules for the processing of personal information in all aspects of business and public life.
Here's what you need to know about the GDPR:
Each country of the EU (including the UK) has its own version of the GDPR and its own Data Protection Authority responsible for enforcing it. These Data Protection Authorities can impose substantial fines on companies that break the rules - up to 4 percent of annual turnover or €20 million.
Many other countries have laws that will affect your ability to collect location data from people living there.
It's quite clear that there's a legal obligation to exercise caution when using location data. But you don't even have to look to national law for this obligation.
Apps aren't created in isolation. The chances are that you'll be relying on the technology or distribution platforms of third-party companies such as Apple or Google when developing and distributing your app.
These third parties have strict requirements on how developers collect location data and other personal information from their users.
Developers who create apps using the Android Software Development Kit (SDK) are subject to Terms and Conditions that constitute a license agreement for the product.
Use of the Android SDK is conditional on agreement with these terms, and violating the terms amounts to a breach of contract with Google.
Here's an important excerpt from the Android SDK Terms and Conditions:
A similar provision exists in the Google Play Developer Distribution Agreement.
This is a legally-binding contract with which you must agree before you can get your app hosted in the Google Play Store.
Here's the relevant part of the agreement:
Note that in addition to the stipulations regarding obeying privacy law, the agreement also limits the use of personal information (such as location data) to those purposes for which a user has given permission for it to be used.
So if your app uses location data, you must ask a user's permission for this, and this permission is only to be requested in connection with a specific purpose.
Google has shown that it won't hesitate to remove apps from its platform if developers violate its policies.
Respect for privacy is increasingly treated as a unique selling point by Apple. Whilst they are often more expensive than Google products, Apple products are less focused on collecting personal information and building a profile of users for marketing purposes.
This means that Apple is very strict about what it will allow developers to do on its platform.
First, let's look at the Xcode and Apple SDKs Agreement. This contract is in place between Apple and all developers of apps using an Apple proprietary SDK.
This agreement makes extensive reference to the use of location data. The use of location data is prohibited altogether for some purposes:
Apple also places a specific requirement on developers to obtain consent from a user before their location data can be collected:
Needless to say, developers must obey the law. Apple even makes specific reference to "location service laws":
Apple's App Store Review Guidelines, an agreement which governs the terms on which an app may be distributed to the billion-plus App Store users, also makes specific reference to location data:
Location data must be used restrictively and only with consent.
You may have already guessed that the App Store Review Guidelines require full compliance with privacy law. In this respect, the guidelines are particularly specific.
Where consent cannot be obtained in respect of a specific device permission, the app must offer alternative solutions that still allow the user to meaningfully use the app:
Failure to comply with the rules around location data could lead to your app being removed from the App Store. In May 2018, the Apple news website 9to5Mac reported that Apple was purging apps from the platform that it accused of sharing location data without consent.
Broadly speaking, there are two things you need to do before you can access location data via a user's device.
You also need to consider whether your app requires location data, and how accurate it needs to be. The greater the accuracy with which you are able to determine the location of a device, the greater the risk to a person's privacy.
Full transparency is required. When it comes to location data, you need to let your users know:
Here's the summary:
And here's the longer explanation:
Note the highlighted section. Uber users can refuse the processing of their location data and manually enter an address instead, but this will affect how the Uber app functions.
The purpose of collecting user location data is obvious for an app like Uber. Other apps use location data in different ways. Full transparency is essential.
Facebook also provides further information about its use of location data in its Privacy Basics guidance:
As we've seen, consent is an important part of many privacy laws. It's also an integral part of the agreements you sign up to when developing and publishing your app.
It's essential that you get permission for using location data. Permissions work differently on different mobile operating systems.
Android developers can access two types of location data, which provide different levels of accuracy:
Google provides some guidance on implementing these permission requests:
You should think carefully about whether your app should request access to coarse or fine location data. Fine location data will not be necessary for every purpose.
It's important to note, however, that both permissions are classed as "dangerous" permissions by Google, which means they must be requested from the user at runtime. You can read more about the different categories of permission in our article Android Collection of Data and Sensitive Data.
Google also provides the following advice about how and when to request access to location data:
All requests for the location permission should be accompanied or preceded by an explanation of why the permission is needed.
Here's an example from the Stagecoach bus app for Android:
And here's how the MyTaxi app handles this. Before triggering the location permission request, MyTaxi provides this explanation of why this access is required:
Tapping "Continue" brings up the actual permission request:
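The following Kotlin snippet is an added example (not code from the original article, nor from Google, Stagecoach or MyTaxi) showing how an Android activity can put the guidance above into practice: request only the coarse permission when that is enough for the purpose, show an explanation before triggering the system dialog, wait until the user actually taps the feature that needs location, and keep the app usable if the permission is refused. The activity name, the view ids (`find_nearby_button`, `stops_text`, `address_input`) and the "nearby bus stops" purpose are hypothetical; the app's manifest is assumed to declare `android.permission.ACCESS_COARSE_LOCATION` and nothing finer.

```kotlin
// Added example, not part of the original article. Assumes a layout with the
// hypothetical ids R.id.find_nearby_button, R.id.stops_text and R.id.address_input,
// and a manifest that declares only ACCESS_COARSE_LOCATION.
import android.Manifest
import android.annotation.SuppressLint
import android.content.pm.PackageManager
import android.location.LocationManager
import android.os.Bundle
import android.view.View
import android.widget.EditText
import android.widget.TextView
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AlertDialog
import androidx.appcompat.app.AppCompatActivity
import androidx.core.content.ContextCompat

class NearbyStopsActivity : AppCompatActivity() {

    // Coarse (cell/Wi-Fi level) accuracy is enough to list stops near the user,
    // so the finer ACCESS_FINE_LOCATION permission is never requested.
    private val locationPermission = Manifest.permission.ACCESS_COARSE_LOCATION

    private lateinit var stopsText: TextView
    private lateinit var addressInput: EditText

    // Result of the system permission dialog. A refusal (including "Don't ask
    // again", where the dialog is not shown at all) falls back to manual entry.
    private val permissionLauncher =
        registerForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
            if (granted) showStopsNearDevice() else showStopsForTypedAddress()
        }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_nearby_stops)
        stopsText = findViewById(R.id.stops_text)
        addressInput = findViewById(R.id.address_input)
        // Do not ask at launch: the request is tied to the feature that needs it.
        findViewById<View>(R.id.find_nearby_button).setOnClickListener { findNearbyStops() }
    }

    private fun findNearbyStops() {
        val alreadyGranted = ContextCompat.checkSelfPermission(this, locationPermission) ==
            PackageManager.PERMISSION_GRANTED
        if (alreadyGranted) showStopsNearDevice() else explainThenRequest()
    }

    // Every request is preceded by a plain-language explanation of the purpose,
    // whether it is the first request or a retry after an earlier refusal.
    private fun explainThenRequest() {
        AlertDialog.Builder(this)
            .setTitle("Use your approximate location?")
            .setMessage(
                "We use your approximate location only to list bus stops near you. " +
                    "It is not stored or shared. You can type an address instead."
            )
            .setPositiveButton("Continue") { _, _ -> permissionLauncher.launch(locationPermission) }
            .setNegativeButton("Not now") { _, _ -> showStopsForTypedAddress() }
            .show()
    }

    // Permission was checked by the caller; the lint warning is about static analysis only.
    @SuppressLint("MissingPermission")
    private fun showStopsNearDevice() {
        val lm = getSystemService(LOCATION_SERVICE) as LocationManager
        // The network provider yields coarse fixes, matching the permission we hold.
        val fix = try {
            lm.getLastKnownLocation(LocationManager.NETWORK_PROVIDER)
        } catch (e: SecurityException) {
            null
        }
        if (fix == null) {
            showStopsForTypedAddress()
            return
        }
        addressInput.visibility = View.GONE
        // Only a rounded position is shown; no precise coordinates are surfaced or logged.
        stopsText.text = "Stops near %.2f, %.2f".format(fix.latitude, fix.longitude)
    }

    // Degraded path: the feature still works without any location permission.
    private fun showStopsForTypedAddress() {
        addressInput.visibility = View.VISIBLE
        stopsText.text = "Enter an address to find stops nearby"
    }
}
```

The important design choice is that the refusal path is a first-class feature rather than an error state: the user who declines gets the same screen with a text field instead of a blocked app, which is what both the Google Play agreement and the App Store guidelines quoted above are asking for.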
Research from Carnegie Mellon indicates that users are much more likely to agree to app permission requests if the reason for the request has been properly explained.
Apple gives users more control over how apps collect location data from their devices.
There are two ways in which Apple users can authorize an app to access their location.
Here's how an Apple user-facing support document explains this distinction:
Here's how the two-tier permission request looks on an iPhone, from Apple's Human Interface Guidelines:
Apple also provides guidance for developers on how to request Always authorization and When-In-Use authorization.
Developers should be mindful of this distinction when designing their iOS app. It's advisable to design your app in such a way that background location access is not required. That way, if a user rejects this permission request, your app can still function in a usable way.
Users are also able to adjust location settings at any time through individual app settings, such as this example from the Yelp app. Note how an explanation is added at the bottom of the menu to help explain more about levels of permission:
Apple's Human Interface Guidelines offer some advice about how and when to request location permission. Key takeaways include:
The lesson is clear. If your app accesses location data but you don't respect your users' privacy, it won't be long before it is removed from circulation, or, worse yet, you have legal issues to deal with.
Here's how to use location data the right way: