Protecting Location Data [5 Core Pillars]
With great power comes great responsibility.
With the widespread use of location technology by apps, we are becoming increasingly accustomed to the benefits of location-based services, including real-time navigation, ride hailing, and food-delivery. Google Maps, Uber and GrubHub are just some of the go-to apps that are making our lives easier and more convenient. But collecting, storing and working with location data raises important considerations regarding user privacy that need to be addressed.
When location datasets fall into the wrong hands and are linked with personally identifiable information (PII), either from internal or external data sources, user privacy can easily be compromised. If collected and stored irresponsibly, location data can reveal a person's real world identity and behavior.
At Incognia, we view ensuring the privacy of location data as paramount. In fact, user privacy is where our founders started, over ten years ago, when they designed and developed the core location technology that is now in use by over 60M devices.
Today, Incognia continues its privacy-first approach by following five core pillars in its protection of location data and user privacy.
Put user privacy firstIncognia follows the 7 fundamental principles of Privacy by Design to ensure that privacy is built into its products by default, rather than as an afterthought or compliance checkbox. In practice this means:
• Being proactive and preventative with data protection
• Making privacy the default, not an afterthought
• Embedding privacy as an essential component of the product
• Striving for two-fold benefits, complete functionality and privacy
• Committing to end-to-end security throughout the data life cycle
• Providing visibility and transparency
• Keeping the user in control of their data
Keep PII and location data separate
We believe the best way to keep personal information and location data separate, is not to collect any data that can directly link to identity. This removes the possibility of linking real world identity and location. We focus on encrypting and protecting the location data we collect and intentionally do not collect additional PII. This means that Incognia does not collect unique static device identifiers (such as IMEI and MAC), associated accounts (e-mail and telephone), civil identification data (name and social security number), as well as sensitive data – information that reveals ethnicity, religion, political opinion, religious, philosophical, political or union entities membership or data regarding health, sex life, genetics, and biometrics.
Handle sensitive place visits with careLocation data, like latitude and longitude coordinates, doesn’t tell you much about a person or a transaction. It’s only once the context surrounding the location is added, that the visit or purchase is understood. In the case of sensitive places, like churches or health clinics, this context has the ability to disclose deeply personal information like health status, religious or political beliefs, race, or sexual orientation. To prevent that, Incognia technology immediately classifies collected data as sensitive strips it of identifiers, and stores it as a visit to "sensitive place A”. Without information on the individual, context on the place, or linkages to other location data, the information becomes anonymous, and the privacy of that user is protected.
Use encryption to secure location dataIt is incredibly difficult to fully anonymize a precise location dataset, but we get pretty close. It is important to identify which data is capable of re-identifying a user and apply cryptographic techniques, like encryption and hash, to it. Our goal is to transform location data into an unreadable version of itself so it can still be used, with techniques like zero-knowledge proof, but can’t be read without an encryption key, or in certain cases, not at all. Other techniques, including probabilistic set structure, differential privacy, and k-anonymity, bring the data closer to full anonymization, making it nearly impossible to identify an individual user from the location data set.
Be mindful of data retentionJust because data can be kept, doesn’t mean it should be. The best practice is to keep data only as long as it is actively used. If data isn't stored, it can't be stolen or contribute to downstream fraud caused by stolen credentials and PII. Additionally, a long retention period increases the risk of re-identification by crossing with external databases. Implementing a privacy-first data retention policy is critical to rounding out a comprehensive data security plan.
The Incognia team understands the power and sensitivity of location data which is why we have an internal commitment to go above and beyond in protecting user privacy.