Home Knowledge EU Opinion on Geolocation Services

EU Opinion on Geolocation Services

June 27, 2011
Partner
David Cullen

The EU Data Protection Commissioners’ grouping called the Article 29 Working Party (the “Working Party”) has given an opinion on geolocation services on smart mobiles indicating that prior consent from users is likely to be required. The objective of the opinion is to clarify legal and other obligations that apply to geolocation services and will influence national regulators.

Geolocation services include geotagging of internet content, location based advertising, maps and navigation. The three main types of infrastructure such services are provided on are GPS, GSM base stations and WiFi routers. The opinion focuses on privacy issues related to these.

According to the Working Party, geolocation data from smart mobile devices constitute personal data within the meaning of the Directive 95/46/EC (the “Data Protection Directive”) as it is possible indirectly to identify individuals and personal details about individuals. The Working Party states that the provisions of the Data Protection Directive should always apply where the processing of geolocation data result in the processing of personal data. However, it further states that the provisions of Directive 2002/58/EC (the “E-Privacy Directive”) should only apply to the processing of geolocation data by telecommunication operators.

The Working Party specified the following as data controllers, having different responsibilities for the processing of personal data:

  • Controllers of geolocation infrastructures
  • Providers of geolocation applications and services
  • Developers of operating systems

The Working Party makes various recommendations to aid compliance with the Data Protection Directive in the context of geolocation data. These recommendations include that users should be given clear notice of the operation of geolocation services.  Critically, it is stated that in most cases the user’s prior consent must be obtained by an opt-in mechanism. The Working Party also recommends that user consent is renewed at least once a year and that geolocation data are deleted as soon as possible. The Working Party specifically states that opt-out mechanisms, the turning on of geolocation devices by default and the mandatory acceptance of general terms and conditions do not constitute freely given consent.

This opinion, though not legally binding, is likely to influence how national regulators interpret data protection legislation. This is considered to be quite a strict interpretation of European data protection law and could potentially apply to quite a number of organisations due to the wide scope of data controller functionalities as set out above.

Contributed by David Cullen.

Recommended Insights

See all
Article and Insights
1
Feb 2024
Responsible Business Annual Report 2023
William Fry is pleased to launch its Responsible Business Annual Report 2023.
Article and Insights
2
Feb 2024
Digital Operational Resilience Act – second batch of technical standards launched for consultation
We focus on the second batch of draft implementation measures announced by the Eur...
WF_author_blank
Partner
John O’Connor
Article and Insights
2
Feb 2024
John Delaney Documents – Supreme Court Refuses Leave to Appeal
The Supreme Court has refused leave to appeal from a decision rejecting John Delan...
WF_author_blank
Partner
Deirdre O’Donovan
Article and Insights
24
Jan 2024
Cross-Examining Affidavit Evidence in Insolvency Cases
The High Court recently dismissed a petition seeking the winding up of a biofuel c...
WF_author_blank
Partner
Fergus Doorly
prev
next
See all