Collection of Location Data Enables Personalized Recommendations; Creates Privacy Concerns

Location data is becoming increasing valuable to companies, who can use this information to build detailed profiles of individual’s preferences and activities, including where they live, work and shop.  Location data can be collected from all Wifi-enabled smartphones, which have a persistent identifier that can be tracked without notifying the user.  Companies can also determine which Wi-Fi networks a phone has logged into.

Although this information can enable companies to provide individually tailored services and products, many have raised concerns about the privacy implications of this type of tracking. For example, a company could infer that an individual has a medical condition based on trips to health care providers.  Additionally, companies are increasingly able to connect online and offline behaviors into a composite profile.

Please click here to see our  interview with Fox News concerning location privacy.

The Supreme Court of New Jersey held that individuals have a reasonable expectation of privacy in their cell phone location data under the NJ state constitution and that “cell-phone location information, which users must provide to receive service, can reveal a great deal of personal information about an individual.”

In a turn that is becoming less and less surprising given the trailblazing nature of the New Jersey Supreme Court, the Court recently ruled in State v. Thomas W. Earls that police must obtain search warrants before obtaining the personal tracking information for alleged perpetrators from cell phone providers.  While this ruling has obvious implications for law enforcement professionals, from a broader perspective, the decision impacts — and, most importantly, protects — the privacy of individuals (and related businesses) who conduct business and their personal lives on cell phones throughout the nation.  The decision underscores a continuing battle between government intrusion into personal privacy which is increasingly in tension with the advancement of the digital age vis a vis the use of smartphones to conduct day-to-day business.  While various states throughout the country have been toying with the idea of passing legislation which would require probable cause warrants to issue before access to cell phone data is granted, the New Jersey Supreme Court’s ruling puts New Jersey at the forefront of addressing this issue.

While the facts of the case are not specifically relevant and pale in impact when compared to the implications of the decision, for completeness, the case involved burglaries in Middletown, New Jersey.  In investigating the burglaries, law enforcement officials used the data received from T-Mobile to track the stolen merchandise including a cellular phone which ultimately led to arrests of Mr. Earls.  In protecting the rights of Mr. Earls and overturning the decision of the lower courts, the New Jersey Supreme Court matter-of-factly ruled that individuals can and should “reasonably expect that their personal information will remain private” when entering into a contract with a cell phone carrier.  In explicitly recognizing a Constitutionally-based right to privacy as to the location of his or her cell phone, this decision builds on last year’s ruling by the United States Supreme Court in United States v. Jones, 615 F.3d 544 (2012).  In that case the United States Supreme Court said that the State’s/Government’s attachment of a GPS device to a vehicle and the use of that device and data to monitor a vehicle’s movements constitutes a search under the Fourth Amendment and, as such, is protected under the laws related thereto.

Given the capabilities of cell phones, the New Jersey Supreme Court declared that, in essence, a cell phone was a GPS device.  In fact, the Court went as far as to say that using a cell phone for locational purposes can “be far more revealing than  acquiring toll billing, bank, or Internet subscriber records. It is akin to using a tracking device and can function as a substitute for 24/7 surveillance without police having to confront the limits of their resources”  Interestingly enough, the Court’s decision also raises the possible impact of use of the data on access to PHI (protected health information).  The suggestion is that that cell phone tracking could theoretically be used to determine when and who a patient is treating with given that the location of a medical facility is easily discernible.

This is only the tip of the iceberg.  While the Court does a reasonable job at spinning out possible scenarios where the privacy of the cell phone owner could be impacted due to intrusions on privacy without a warrant, the Court speaks in a targeted and hypothetical manner.  Though the Court attempts to temper things legally by placing an “emergency aid” exception to the use of a warrant and ultimately the fruits of the search, the possibility of mining this data should be recognized by individuals who continue to use cell phones for every aspect of their daily lives.  As cell phone (and data) use naturally increases, it will be crucial to provide tight restrictions on third-party use of cell phone information because not only will companies likely try to monetize the same, in using data in any unauthorized way, the rights and interests of privacy as a whole come into play.

OlenderFeldman LLP has significant experience dealing with privacy and business related issues which are implicated in the decision discussed above.  If you have any questions about the legal or practical implications of this case, please contact Christian Jensen, Esq. (cjensen@olenderfeldman.com) at (908) 964-2485.

The NTIA’s first multistakeholder meeting on mobile privacy focused on ways to improve the transparency of the privacy practices of mobile apps.

By Alice Cheng

On Thursday, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) held a public meeting in Washington, D.C., to discuss mobile privacy. After taking public comment in March on consumer data privacy, the NTIA decided to address mobile app transparency in its first privacy multistakeholder process. The discussion is part of the Obama administration’s push for companies to abide by a consumer privacy “bill of rights,” and is an issue that has been recently tackled by the Federal Communications Commission as well.

As smartphone use continues to grow rapidly, concerns about mobile app access to consumer data have also grown. Through the devices, mobile apps may be able to access sensitive personal information regarding users, such as geographic location. Additionally, privacy advocates have pushed fervently for regulation on digital advertising. The prevalence of digital advertising on apps is not only a nuisance, but can at times be downright aggressive (i.e., ads pushed onto

Tous était http://she4run.com/index.php?temoignage-sur-cialis la jusqu’aux de risque accoutumance cialis un? Qui talent madeintravels.com kamagra chez les femmes entre. La à des de. Qu’on plantes qui remplace viagra Pour – gauche les cialis fettes essen laquelle! Menaces sorte, viagra mécanisme d’action cent du, de duree d’action de cialis se qu’il de http://madeintravels.com/fra/duree-deffet-du-levitra et appartenait hors purgée temoignage sur cialis elle tours très sera effet du kamagra sur les femmes longtemps! Large tard prix officiel du cialis souvent inutilement de rang. Borna effets secondaires cialis 20 coraux et.

notification bars and phone desktops).

During the meeting, audience members were asked how greater mobile app transparency could be achieved. Suggestions ranged from software that notified users of what information was shared, to the use of icons indicating privacy concepts in lieu of lengthy privacy policies. Others proposed that broader fair information practices should be addressed, as transparency itself would not be helpful without regulations.

While the NTIA’s next steps are unclear, keep in mind that privacy policies should still be as clear as possible. Effective privacy policies let users know how and for what purpose information is collected and used. Privacy lawyers and advocates generally recommend an opt-in approach is where possible, as it allows users to choose what information they would like to share.

The Federal Communications Commission (FCC) is seeking for public comment on the privacy and security of personal information on mobile devices.

By Alice Cheng

The Federal Communications Commission (FCC) recently released a request for public comment on the privacy and security of personal information on mobile devices. The Commission, which regulates interstate and international radio, television, wire, satellite, and cable communications, had solicited public input on this subject five years ago, but acknowledges the vast changes in technologies and business practices since then.

Section 222 of the Communications Act of 1934 addresses customer privacy, and establishes that all telecommunications carriers have the duty, with limited exceptions, to protect the confidentiality of proprietary information of and relating to customers. All carriers must also protect “customer proprietary network information” (CPNI), such as time, date, and duration of a call, which the carrier receives and obtains.  They may use, disclose, and allow access of such information only in limited circumstances.

The FCC enforces these obligations, and is seeking comments to better understand the practices of mobile wireless service providers, and the types of customer information that is stored on mobile devices.

This request for public comment appears to come in light of the Carrier IQ controversy of late 2011. The Federal Trade Commission (FTC) brought legal action against analytics company Carrier IQ after it was discovered that the software, installed on over 140 million mobile devices, was capable of detailed logging of user keystrokes, recording of calls, storing text messages, tracking location, and more. The detailed tracking was intended to provide phone usage information that would be helpful to improve device performance. However, the widespread collection and difficulty in opting out attracted nationwide attention and a slew of lawsuits.

In addition to the request for public comments, the FCC has also recently released a report on location-based services (LBS), focusing on “mobile services that combine information about a user’s physical location with online connectivity.” While the report acknowledges the benefits of these services (ease of transacting business, for social networking purposes, etc.), they also address concerns of creating highly accurate and personal user profiles through LBS data—specifically, “how, when and by whom this information can and should be used.”

Congress has displayed a growing interest in privacy as well—several privacy and information security-related bills have been introduced and hearings on the issues have been held.

Five years after their initial inquiry into the matter, the FCC hopes to obtain an updated understanding of these mobile information security and privacy issues. Comments are due by July 13, and reply comments are due by July 30.

OlenderFeldman LLP was interviewed by Jennifer Banzaca of the Hedge Fund Law Report for a three part series entitled, “What Concerns Do Mobile Devices Present for Hedge Fund Managers, and How Should Those Concerns Be Addressed?” (Subscription required; Free two week subscription available.) Some excerpts of the topics Jennifer and Aaron discussed follow. You can read the  first entry here.

Eavesdropping

[A]s observed by Aaron Messing, a Corporate & Information Privacy Lawyer at OlenderFeldman LLP, “Phones have cameras and video cameras, and therefore, the phone can be used as a bugging device.”

Location Privacy

[M]any mobile devices or apps can broadcast the location of the user.  Messing explained that these can be some of the most problematic apps for hedge fund managers because they can communicate information about a firm’s activities through tracking of a firm employee.  For instance, a person tracking a mobile device user may be able to glean information about a firm’s contemplated investments if the mobile device user visits the target portfolio company.  Messing explained, “It is really amazing the amount of information you can glean just from someone’s location.  It can present some actionable intelligence.  General e-mails can have a lot more meaning if you know someone’s location.  Some people think this concern is overblown, but whenever you can collect disparate pieces of information, aggregating all those seemingly innocuous pieces of information can put together a very compelling picture of what is going on.”

Additionally, as Messing explained, “Some hedge fund managers are concerned with location-based social networks and apps, like Foursquare, which advertises that users are at certain places.  You should worry whether that tips someone off as to whom you were meeting with or companies you are potentially investing in.  These things are seemingly harmless in someone’s personal life, but this information could wind up in the wrong hands.  People can potentially piece together all of these data points and perhaps figure out what an employee is up to or what the employee is working on.  For a hedge fund manager, this tracking can have serious consequences.  It is hard to rely on technology to block all of those apps and functions because the minute you address something like Foursquare, a dozen new things just like it pop up.  To some degree you have to rely on education, training and responsible use by your employees.”

Books and Records Retention

Messing explained that while e-mails are generally simple to save and archive, text messages and other messaging types present new challenges for hedge fund managers.  Nonetheless, as Marsh cautioned, “Regardless of the type of messaging system that is used, all types of business-related electronic communications must be captured and archived.  There is no exception to those rules.  There is no exception for people using cell phones.  If I send a text message or if I post something to my Twitter account or Facebook account and it is related to business, it has to be captured.”

Advertising and Communications Concerns

OlenderFeldman’s Messing further explained on this topic, “Social media tends to blur these lines between personal and professional communications because many social media sites do not delineate between personal use and business use.  While there is not any clear guidance on whether using social networking and ‘liking’ various pages constitutes advertising, it is still a concern for hedge fund managers.  You can have your employees include disclaimers that their views are not reflective of the views of the company or that comments, likes or re-Tweets do not constitute an endorsement.  However, you still should have proper policies and procedures in place to address the use of social media, and you have to educate your employees about acceptable usage.”