Location data as an 'identifier' of personal data

A recent doctoral dissertation in legal studies reveals alarming news regarding the vulnerability of location and location data on mobile devices, and while using the internet and location-based services (LBSs) in those devices.

Shakila Bu-Pasha, master of international and comparative law, says, "It is even technically possible that every step of a smartphone user might be tracked, or users may permit particular applications (apps) to access their location without realising it. In addition, location data can provide very sensitive information about an individual, including a visit to some particular hospital, a political assembly or religious places."

Bu-Pasha will defend her doctoral dissertation in the Faculty of Law, University of Helsinki, on 14 December 2018. The dissertation addresses a common and significant legal problem: the relationship between collection of location data from mobile device usage and the European Union law on the protection of personal location data and privacy.

"Yet most mobile device users, especially smartphone users, are unaware and not even well informed about the processing of their location data and its impact to the right to privacy and personal data protection," Bu-Pasha says.

Along with traditional human rights law, the E.U. data protection laws play a significant role in the privacy and personal data protection of mobile device users. "The need for obtaining user consent and maintaining transparency and accountability on behalf of online platforms and other responsible bodies as data controllers and processors is real. The users should enjoy the option to express their actual choice of either accepting or denying the terms and policies of the location-based services," Bu-Pasha says.

By analysing some recent Court of Justice of the European Union case laws, Bu-Pasha has analysed how the E.U. data protection law tackles disputes involving transnational issues online, which includes its extra-territorial application and cross-border data transfers.

"My dissertation emphasises the efficiency of E.U. data protection law in the borderless and universal internet system and digital environment, more specifically with the introduction of the General Data Protection Regulation (GDPR), which can effectively bind data controllers such as multinational technology companies, online platforms and other entities for safeguarding data subjects' right to privacy and personal data protection and for the promotion of smooth and safe public participation on the internet via mobile devices," she says.

At the same time, the dissertation covers international and E.U. Law aspects of the mitigation of harmful radio interference in Global Navigation Satellite System (GNSS) and radio communication systems for the accuracy in location estimation and location services.

"On the ground of protection of privacy, the E.U. law does not permit using illegal devices like jamming and spoofing devices which hamper GNSS technology and services," Bu-Pasha says.