[LINK] RFC: Draft APF Policy re Location Data

Roger Clarke Roger.Clarke at xamax.com.au
Wed May 11 20:51:27 AEST 2011 

RC

At 2:23 PM +1000 8/5/11, Richard Chirgwin wrote:
>>              http://www.privacy.org.au/Papers/LocData-1105.html
>There is a gap in the policy: the use of devices to collect information
>about third parties.

You've nailed a weakness in the Policy Statement.  (Thank you!).

But I haven't found a way to deal with it in a way that's elegant, 
and efficient with my time.  (I'm on countdown to an international 
flight, so criterion two does matters).

A further factor is that APF has not objected to the collection of 
'public beacon' data.  My personal (i.e. not the APF's) summary to 
the privacy list on Wed, 2 Jun 2010 11:02:10 +1000 was:
>The privacy concerns arising from Google's WiFi escapades relate, in 
>descending order of importance, to:
>-   the device-identifiers of devices other than routers (i.e. the NICIds,
>     which are visible in the headers as MAC-addresses)
>-   the location of devices by means of those device-identifiers,
>     both at the time the surveillance is performed and subsequently
>     [substitute some other word for 'surveillance' if you like; 
>     it's being used here as a neutral descriptor]
>-   the association of future traffic with those device-identifiers
>-   the content of messages ('payload') picked up at the time the
>     surveillance is conducted
>-   the device-identifiers of routers
>-   the SSIDs of networks                                     <<<=====
>-   the locations of networks, particularly open networks     <<<=====

I'm considering proposing to the APF Board an amendment to the draft 
Policy Statement to make clear that it relates only to the personal 
data of the individual whose device is being tracked - as distinct 
from third-party device and personal identities whose locations may 
become apparent as a result of the data collection.

That way we can tackle that (also-important) aspect separately.

Does that cut the mustard, or am I squidding it?

(All mixed metaphors and malapropisms are copyright, but - of course 
- available under a CC BY-NC-ND licence).

Thanks for your further advice!  ...  RC2

__________________________________________________

At 2:23 PM +1000 8/5/11, Richard Chirgwin wrote:
>On 6/05/11 9:10 AM, Roger Clarke wrote:
>>                        Australian Privacy Foundation
>>                      Policy Statement re Location Data
>>              http://www.privacy.org.au/Papers/LocData-1105.html
>>
>>                   Feedback to mailto:chair at privacy.org.au
>>
>>
>Roger,
>
>There is a gap in the policy: the use of devices to collect information
>about third parties.
>
>At least Google and Apple do this. The Android device or iPhone collects
>and geolocates information about WiFi access points visible to them.
>
>You refer to consent by the user - but in this case, "the user's"
>consent is irrelevant. Someone who has had information recorded about
>them by a passing device does not have the opportunity to provide that
>consent.
>
>I think this needs to be explicit.
>
>RC
>
>_______________________________________________
>Link mailing list
>Link at mailman.anu.edu.au
>http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list