Opinion 13/2011 of the Article 29 Working Party on geolocation services on smart mobile devices


On 19.5.2011 the Article 29 Working Party published Opinion 13/2011 on geolocation services in applications for “smart” mobile phones (smartphones), in particular with regard to the mobile operating systems of Apple and Google.

This committee of experts held that, under the EU directives on the protection of personal data, before any use of location data users should be thoroughly informed about the extent and purpose of the data collection and should then give their consent. At the same time, they should be able to control the tracking of their location. The services should be displayed on the device, and the user should be able to delete all location data from the device.

Service providers should not retain the information for longer than is necessary for the application in question and, where it is retained, it should be anonymised.

More specifically, the conclusions of the document are as follows:

1 Legal framework
• The EU legal framework for the use of geolocation data from smart mobile devices is primarily the data protection directive. Location data from smart mobile devices are personal data. The combination of the unique MAC address and the calculated location of a WiFi access point should be treated as personal data.
• In addition, the revised e-privacy directive 2002/58/EC only applies to the processing of base station data by telecom operators.

2 Controllers
• Three types of controllers can be discerned. They are: controllers of geolocation infrastructure (in particular controllers of mapped WiFi access points); providers of geolocation applications and services and developers of the operating system of smart mobile devices.

3 Legitimate ground
• Because location data from smart mobile devices reveal intimate details about the private life of their owner, the main applicable legitimate ground is prior informed consent.
• Consent cannot be obtained through general terms and conditions.
• Consent must be specific, for the different purposes that data are being processed for, including for example profiling and/or behavioural targeting purposes from the controller. If the purposes of the processing change in a material way, the controller must seek renewed specific consent.
• By default, location services must be switched off. A possible opt-out mechanism does not constitute an adequate mechanism to obtain informed user consent.
• Consent is problematic with regard to employees and children. With regard to employees, employers may only adopt this technology when it is demonstrably necessary for a legitimate purpose, and the same goals cannot be achieved with less intrusive means. With regard to children, parents must judge whether the use of such an application is justified in specific circumstances. At the very least they must inform their children, and, as soon as reasonably possible, allow them to participate in the decision to use such an application.
• The Working Party recommends limiting the scope of consent in terms of time and reminding users at least once a year. The Working Party equally recommends sufficient granularity in the consent with regard to the precision of the location data.
• Data subjects must be able to withdraw their consent in a very easy way, without any negative consequences for the use of their device.
• With regard to the mapping of WiFi access points, companies can have a legitimate interest in the necessary collection and processing of the MAC addresses and calculated locations of WiFi access points for the specific purpose of offering geolocation services. The balance of interests between the rights of the controller and the rights of the data subjects requires that the controller offers the right to easily and permanently opt-out from the database, without demanding additional personal data.

4 Information
• Information must be clear, comprehensive, understandable for a broad, non-technical audience and permanently and easily accessible. The validity of consent is inextricably linked to the quality of the information about the service.
• Third parties like browsers and social networking sites have a key role to fulfill when it comes to the visibility and quality of the information about the processing of geolocation data.

5 Data subject rights
• The different controllers of geolocation information from mobile devices should enable their customers to obtain access to their location data in a human readable format and allow for rectification and erasure without collecting excessive personal data.
• Data subjects also have a right to access, rectify and erase possible profiles based on these location data.
• The Working Party recommends the creation of (secure) online access.

6 Retention periods
• Providers of geolocation applications or services should implement retention policies which ensure that geolocation data, or profiles derived from such data, are deleted after a justified period of time.
• If the developer of the operating system and/or controller of the geolocation infrastructure processes a unique number such as a MAC address or a UDID in relation to location data, the unique identification number may only be stored for a maximum period of 24 hours, for operational purposes.