Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsPrivacy Research Highlights Difficulties with Anonymization of Location Data
Geolocation data has been an area of controversy in privacy over the past few months. As businesses prepare for the California Consumer Privacy Act (CCPA) or proceed with data minimization under the General Data Protection Regulation (GDPR), they may decide to deidentify or aggregate location data in order to attempt to avoid some or all of these privacy law’s compliance obligations. However, these acts need to be closely examined as advances in deanonymization are made (or simply the full extent of the possibilities are realized).
A group of MIT scientists and urban planners have recently released a study that shows how easy it is to deanonymize information that has been anonymized. The study, which was published in IEEE Transactions on Big Data, matched up multiple datasets that had been anonymized through their time and location stamps.
The New York Times also published an article this weekend that identified specific individuals from the geolocation data of their smartphone that had been gathered from information said to be anonymous and used by dozens of companies. The title of the article was “Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret.”
The issue needs to be on the radar of company’s and privacy professionals as it is being discussed at the highest levels. During his testimony before the House Judiciary Committee yesterday, the Google CEO was asked about geolocation and he said: “… Location is turning out to be an important area as we consider privacy legislation … I think it is important that we give location protection to our users ….”
As Congress has yet to consolidate the various proposals for federal privacy legislation into a single draft national law, it is easier to look at this in the context of the CCPA.
The CCPA defines the personal information of a consumer to include their geolocation data, yet it excludes information that has been deidentified or aggregated. Companies that wish to rely on this exemption to the right to opt out need to ensure that they can defend that the data set is not personal information.
The simplicity by which researchers are identifying individuals within these supposedly anonymized data sets will in the future call into question the privacy compliance of businesses that rely on these exemptions. Businesses that wish to rely on the anonymization of personal information also need to be making efforts to test whether the rendered information is sufficient to protect the privacy of individuals under CCPA or GDPR.
More Blog Posts on IoT and Geolocation:
Consumers Say Privacy is a Big Problem for IoT Devices
Report Urges Transparency and Consent Management for IoT Privacy
Privacy Causes Pentagon to Ban Staff Geolocation Usage
Privacy Research Highlights Difficulties with Anonymization of Location Data
More Privacy Education Needed on Location Tracking; End-to-End Encryption
Contact Clarip Today for Help with CCPA and GPDR
The Clarip team and data privacy software are prepared to help your organization improve its privacy practices. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If your challenge right now is CCPA compliance for your California operations, allow us to show you our CCPA software. From consent management software to offer the option to opt-out of the sale of personal data, to a powerful DSAR Portal to facilitate the right to access and delete, Clarip offers enterprise privacy management at an affordable price.
If you are preparing your European operations for GDPR compliance, we can help through our modular GDPR software. Whether you are looking to start the process with GDPR data mapping software, increase automation in your privacy program with DPIA software, or handle ePrivacy with a cookie consent manager, Clarip has the privacy platform that you need to bolster your program.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.
