For many, the term geofencing may not be something with which they are familiar. That’s not surprising, since its use on a larger scale has only been around the last few years. In essence, the term refers to accessing location data and search data on electronic devices at specific places and times. This has notable advantages for businesses trying to market to specific geographic segments. But increasingly, geofencing is being used for much, much more. In fact, its use has become rather routine for law enforcement today in an effort to identify potential suspects. But this is raising significant invasion of privacy concerns among many consumer and citizen advocacy groups.
(Data is the new oil for the Digital Age–read more in this Bold story.)
As American citizens, we each have the right to privacy and freedom from unreasonable searches and seizures. The U.S. Constitution guarantees these rights and protections in the Bill of Rights’ Fourth Amendment. But when it comes to geofencing, it seems these protections are being thrown out the window. Anyone who happens to be in a specific area at a specific time is at risk for an invasion of privacy concerns. How did this happen? The answer is a bit convoluted, but the bottom line is that citizens and consumers alike need to demand change. If we don’t, all of run the risk of indiscriminate access to our private data that could lead to our own demise.
“If the Government is to continue to employ these [geofencing] warrants, it must take care to establish particularized probable cause. As the legal landscape confronts newly developed technology and further illuminates Fourth Amendment rights in the face of geofence practices, future geofence warrants may require additional efforts to seek court approval.” – Judge Hannah Lauck, U.S. District Court, Eastern Virginia
The Rise of Geofencing
Most businesses that have used Facebook or Google ads have likely relied on geofencing to target a consumer market. As soon as they set the mile-radius of their targeted ad, they’re employing this technology to find specific consumer segments. This allows people in a certain area to receive ads about local happenings and offerings. In essence, Google and many other tech companies leverage user location and search data to drive ad conversions. But since 2018, tech companies haven’t been the only ones interested in this information. Increasingly, law enforcement agencies are seeking this data to help them solve crimes. As a type of “reverse search,” it greatly increases their ability to find potential suspects by casting a large net.
In order for law enforcement to access this data, they first must obtain a warrant from a judge. Interestingly, however, this isn’t much of a barrier as such warrants are routinely provided without invasion of privacy concerns. Once obtained, law enforcement approaches tech corporations and demand that they hand over user data. This data not only includes users in a specific location at a specific time. It also includes users who searched specific keywords in that moment as well. Google specifically has claimed a quarter of all legal requests today are geofencing requests. They not while such requests were less than 1,000 in 2018, they now exceed 11,500 annually. And unless you’re targeted as part of these investigations, you probably are unaware your data was ever considered.
“In dense, urban communities like the ones I represent in Brooklyn, hundreds or thousands of innocent people who merely live or walk near a crime scene could be ensnared by a geofence warrant that would turn over their private location data. And keyword search warrants would identify users who have searched for a specific term, name or location.” – Zellnor Myrie, New York State Senator
Constitutional Invasion of Privacy Concerns
The Founding Fathers of the nation recognized the power of unrestricted access to citizen information. Their invasion of privacy concerns is what prompted the drafting of the Fourth Amendment. This amendment protects the rights of individuals to be secure in their homes, persons, and effects from unreasonable searches. And while the Constitution certainly didn’t mention cellphones or electronic devices, these do apply. In 2018, the U.S. Supreme Court ruled individuals had every right to expect reasonable privacy protections in their devices. But the ruling didn’t stop law enforcement or corporations. It simply encouraged the use of warrants and user agreements as a way around these obstacles.
From a consumer side, geofencing takes user data and information to alter online experiences. Whether it’s Google, Facebook, Amazon, or others, user data enables a more targeted interaction with consumers. In some cases, this data is even sold to third parties who use the data to their business advantage as well. But the real invasion of privacy concerns involves the potential criminal repercussions. When law enforcement uses geofencing warrants, they capture data without any probable cause from innocent bystanders. While courts are beginning to rule in this direction, the practice remains widely used nationwide. And in some cases, these privacy violations have led to significant detriment to blameless individuals.
Reeling in Unlawful Surveillance
In 2019, over 15 billion data breaches and cybersecurity attacks where personal information was exposed. In the same year, 46 billion people were victims of identity theft. In 2018, a man in Avondale, Arizona, was arrested and jailed for six days based on geofencing data for a murder he didn’t commit. In the process, he lost his job, had to drop out of night school, and had his car repossessed. The one thing all of these events have in common is the unconstitutional violation of our privacy. Geofencing is simply the latest technique being used to see just how far these types of actions can go. And it specifically should be triggering invasion of privacy concerns among us all.
(Read up on how businesses are muzzling cyberattacks in this Bold story!)
Without question, consumers and citizens need greater privacy protections today. Governmental protections have failed to keep pace with technological advances. Likewise, businesses and corporations have neglected their ethical responsibility to protect their customers. From legal and moral perspectives, it seems quite clear that practices like geofencing without clear individual consent is wrong. Thus, it’s essential that we recognize the unconstitutionality of these practices and demand change. How this change evolves remains to be determined. But our invasion of privacy concerns must encourage progress in this area if we hope to preserve our inherent rights.
Time for Businesses to Step Up
Understanding the landscape, it’s quite clear that businesses need to play a significant role in protecting consumer privacy. Big tech companies have ethical and moral duties to uphold consumer rights as citizens and self-regulate themselves. They also have deep knowledge of the actual privacy threats that exist, and they have the means to address them. Unfortunately, these same companies are often the ones violating consumer protections. Many use geofencing techniques to target ad campaigns to specific consumer groups. And some provide this data to third parties, further undermining consumer trust and safety. If we truly want to address this issue head-on, businesses must acknowledge and embrace their privacy protection responsibilities.
“The discretion companies can exercise when it comes to information privacy and the ethical implications of this discretion entail that information privacy is a question of corporate morality.” – Irene Pollach, Aarhus School of Business, University of Aarhus
Geofencing and Keyword Search Practices
When it comes to protecting consumer privacy, safeguards against hackers, ransomware, and malware are certainly important. In the U.S., companies must now comply with the Federal Trade Commission’s data protection laws in this regard. If they do not honor these privacy protection responsibilities, such companies may be subject to major fines. But these are not the only threats to consumer privacy today. For many years, Google, Facebook, Amazon, and others have used geofencing and keyword search data for targeted marketing. In essence, these technologies locate consumers by location using GPS locators on their electronic devices. Or they target them by the specific search terms they use when surfing the Internet. These are common practices that steal consumer data as well.
While geofencing and keyword search data may not seem as invasive, they can be. The information gleaned from these practices reveal a great deal about a person. In fact, law enforcement has been securing geofencing warrants lately to help them locate potential suspects near a crime. In addition, as consumers return to brick-and-mortar stores in a post-pandemic world, several retailers are tapping into these practices. By knowing a person’s proximity to the store, they can push specific ads to their smartphones. But is this really attending to privacy protection responsibilities of their customers? Are they really protecting consumer privacy, especially when this information is offered to others?
“The ‘surveillance advertising’ business model is premised on the unseemly collection and hoarding of personal data to enable ad targeting. This pernicious practice allows online platforms to chase user engagement at great cost to our society…” – House Representative Anna G. Eshoo of California
Current Efforts Insufficient and Inadequate
This is not to say that Big Tech isn’t investing some energies in protecting consumer privacy rights. Apple’s latest version prevented the use of unique device data for tracking purposes among sites. Prior to this, even Apple customers who refused access to personal identifiers couldn’t prevent device tracking tactics. This simple move was enough to cost Facebook millions in share-values because of the impact it had on its advertising. But while this is a step in the right direction, it’s hardly enough, not to mention only one company. If Big Tech is going to take their privacy protection responsibilities seriously, much more is needed. Not only should consumers be better informed, but companies must be more transparent and proactive.
In terms of geofencing warrants, several Big Tech companies have stepped up to condemn the practice. In 2013, several formed the Reform Government Surveillance group, which now has 11 members. The group together oppose geofencing warrants because they believe it violates Fourth Amendment rights. But this isn’t the only motivation. Google led the list of members that had to respond to geofencing warrants in 2020. Thus, Google stands to save some internal costs and headaches by supporting such legislation. Likewise, the company had said nothing about curbing its own geofencing strategies for marketing purposes. If Google and others are truly interested in protecting consumer privacy, this would also be a priority. Instead, it appears they’re doing the minimum when it comes to their privacy protection responsibilities.
“Privacy involves many parts of the business, and the right technologies, ideas, and talent have to be used in order to make this a successful endeavor.” – Anna Garcia, Chief Data Privacy Officer for IKEA Spain
CSR Includes Protecting Consumer Privacy
There are plenty of companies that invest in their privacy protection responsibilities. In fact, many corporations have data privacy officers and pursue greater consumer transparency. But at the same time, many others take a more superficial approach to protecting consumer privacy. From a business perspective, this will likely come back to haunt them. Surveys suggest that more than 70 percent of consumers opt to patronize companies with their privacy rights in mind. But the motivation for businesses to prioritize privacy rights should originate from a more ethical base. Government actions and consumer self-efforts are important, but businesses must take on the bulk of the work. This reflects true corporate social responsibility, especially since businesses are best suited to identify and implement the most effective solutions.
