An Overview of Privacy and AI Considerations Associated with Location Based Services
- Joshua Kitili |
- January 11, 2024 |
- Artificial Intelligence,
- Data Protection
Location Based Services (LBS) have been defined as mobile applications that provide information depending on a user’s location.1 It also denotes ‘applications integrating geographic location with the general notion of services.’2 The system components required for an LBS to work include mobile devices, positioning, communication networks, service and content providers.3 LBS integrates data from various resources which include ‘Global Positioning Systems (GPS) satellites, cellular tower pings and short-range positioning beacons to provide services based on the user’s geographical location.’4
Some common LBS apps include travel and tourism apps that offer users optimal routes and interesting places to visit nearby. Fitness apps also enable users to monitor their workout activities and routes. Some restaurants may use food delivery apps to deliver takeaway meals to customers. Other LBS include services like geo-social networks (GSNs) whereby users share information about their current whereabouts for instance foursquare.5
Location Based Services can be divided into two broad categories namely user-requested and triggered.6 The user-requested category entails retrieving the position once, then using it on subsequent requests for location-dependent information.7An example of this type of LBS is navigation that involves a map.8 A triggered LBS on the other hand relies on a condition that has already been set up and its fulfilment retrieves the position of the device for example in emergency services where a call to an emergency centre activates an automatic location request from the mobile network.9
The location information used in LBS may be used for a single purpose or stored for later use by combining with other information to target a consumer for instance in advertising.10 LBS determine a user’s location through the following ways namely: cell-tower based identification, GPS, Wi-Fi triangulation, internet protocol address approximation and user-provided information.11 Most LBS apps have integrated Artificial Intelligence (AI) which enhances accuracy and efficiency.12 For instance, taxi hailing services utilise AI to match individuals with drivers, optimise routes and provide an estimate of the expected arrival time.13The increased use of LBS apps however, demands that the privacy of users is protected since location data has the potential of infringing on the right to privacy. It is therefore paramount to factor in privacy and AI elements when deploying LBS so that data subjects are adequately protected.
Privacy and AI Considerations
The use of LBS requires that the privacy of data subjects is adequately protected to ensure that the data they share is not misused. On the other hand, AI algorithms are prone to bias thereby discriminating against certain groups of people.14 It is therefore important for developers to be cognisant of such ethical concerns and take appropriate measures to ensure that apps do not perpetuate discrimination or any form of bias.15 They should also ensure that responsible AI principles are factored in when developing LBS platforms and before deploying them.
To adequately protect the privacy of users, the following principles enshrined in existing legislations should be considered by data controllers or data processors that handle location data. These principles include:
-
Disclosure- Companies that act as location data collectors are required to inform consumers the kind of data that is being collected and the purpose for the collection. The principle of transparency should thus be observed by the data collectors.16
-
Consent- The consent of a data subject is required before collecting their personal data. It is also referred to as opt in and opt out for the use of location.17
-
Data Security- Adequate security measures should be put in place to safeguard the data collected against accidental loss, destruction or illegal processing.18
For app developers, it is fundamental to create a privacy policy that complies with the applicable data protection legislation requirements. Some of the key terms that should be included in the privacy policy include: the kind of personal data collected which includes location data, the purposes for collecting the information, disclosure of the information to third parties, how users can control their information like consent, corrections and unsubscribing, storage of personal data and cookies.19
Likewise, to address the ethical concerns that may arise through the use of AI systems, international guidelines and recommendations have been adopted by some countries to ensure that people’s best interests are prioritised and that operators are accountable for the functioning of AI systems.20 Some of these recommendations include the UNESCO Recommendation on the Ethics of Artificial Intelligence and the OECD Recommendation on Artificial Intelligence.21
AI and Privacy Principles
Responsible AI principles should be considered when developing LBS platforms and some of them are enshrined in the UNESCO Recommendation on the Ethics of Artificial Intelligence. They include safety and security which require the implementation of appropriate measures throughout the life cycle of AI systems to ensure human, environmental and ecosystem safety and security. 22 A secure system should keep private information secure even after facing possible attacks on the system and therefore adequate measures must be incorporated to safeguard the location data shared by a data subject.
Another principle that AI actors should consider is fairness and non-discrimination. Appropriate measures should be implemented to avoid the perpetuation of discriminatory or biased applications throughout the lifecycle of AI systems.23 AI systems should therefore treat everyone equally and be available to everyone without discrimination.24 It is therefore fundamental for developers to ensure that AI systems integrated into LBS apps take into consideration data fairness, design fairness, outcome fairness and implementation fairness.25
The right to privacy is another key principle that should be considered throughout the lifecycle of AI systems. Location data shared by users of LBS apps should not be misused for surveillance purposes and therefore AI systems integrated in LBS apps should be restricted from unsolicited observation of individuals’ activities or location.26 Other fundamental AI principles include transparency, responsibility and accountability.
Transparency entails the determination of how and also why an algorithm made a certain decision.27 This enables individuals to understand how each stage of an AI system is implemented.28 AI transparency is therefore fundamental in LBS since it creates trust between users and the AI systems, ensures fair and ethical AI is observed, helps to address any potential data biases, enhances performance and accuracy of AI systems and ensures compliance with applicable AI regulations.29 The principle of accountability entails being responsible for actions and decisions of an AI system and also the overall impact the AI system will have on people.30 AI accountability can be achieved by protecting location data from potential cyberattacks and also ensuring that the training data is unbiased and protected from unauthorised access.31
Risks and Security Concerns
Failure to factor in the AI principles and privacy measures may expose LBS apps and data subjects to certain risks. For instance, data poisoning32 may occur as a result of the modification and manipulation of the dataset that a model has been trained on leading to systematic malfunction and poor performance of an AI system.33 This interferes with the security of an AI system thereby exposing the location data to malicious activities. Cyberattacks on LBS can also threaten the privacy of users if the security measures implemented are not robust enough to safeguard the location data shared. Cybercriminals may take advantage of this and exploit the vulnerabilities in a device’s software or hardware in order to access location information.34 As a result, the unauthorised access can result in unauthorised tracking of a user or even location based phishing attacks.35 It is therefore paramount for users of LBS to check the privacy settings on their devices and the permissions given to apps that require location data.36
Conclusion
In conclusion, LBS are fundamental in providing essential services to the public. LBS apps are now commonly used in Kenya and they range from taxi hailing services to delivery services. Considering that location data is sensitive, it is imperative that data controllers and data processors comply with the principles of data protection and also implement adequate security measures to safeguard location data shared by users of various LBS platforms. Developers should also factor in the ethical principles of AI to avoid discriminatory practices that may arise from biased algorithms and to build trust between users and LBS apps that integrate AI. Lastly, users of LBS apps should ensure that apps which require access to their location are trustworthy so as to prevent misuse of their location data.
Image is by needpix.com
1 Haosheng Huang and Song Gao, Location-Based Services <https://www.researchgate.net/publication/324748144_Location-Based_Services > accessed 6 September 2023
2 Jochen Schiller and Agnes Voisard, Location-Based Services (Elsevier 2004)
3 Huang (n 1)
4 Andrew Froehlich, Location-Based Services <https://www.techtarget.com/searchnetworking/definition/location-based-service-LBS#:~:text=A%20location%2Dbased%20service%20(LBS)%20is%20a%20software%20service,or%20more%20location%20tracking%20technologies. > accessed 6 September 2023
5 Michael Herrmann and others, ‘Privacy in Location-Based Services: An Interdisciplinary Approach’ (2016) 13 (2) SCRIPTed 145-170
6 TD’ Roza and G Bilchev, An Overview of Location-Based Services <https://link.springer.com/article/10.1023/A:1022491825047 > accessed 6 September 2023
7 ibid
8 ibid
9 ibid
10 ACLU, Location-Based Services: Time for a Privacy Check-In <https://www.aclunc.org/sites/default/files/asset_upload_file183_9627.pdf > accessed 6 September 2023
11 ACLU, Location-Based Services: Time for a Privacy Check-In <https://www.aclunc.org/sites/default/files/asset_upload_file183_9627.pdf > accessed 6 September 2023
12 Marcin Frackiewicz, The Role of Artificial Intelligence in Enhancing Location-Based Services (26 July 2023) <https://ts2.space/en/the-role-of-artificial-intelligence-in-enhancing-location-based-services/ > accessed 6 September 2023
13 ibid
14 Linet Kwamboka and Annita Mwagiru, Artificial Intelligence Practitioners’ Guide: Kenya(20 April 2023) < https://www.data4sdgs.org/index.php/resources/artificial-intelligence-practitioners-guide-kenya > accessed 6 September 2023
15 Shahabuddin Amerudin, Potential Drawbacks for Location-Based Services < https://people.utm.my/shahabuddin/?p=5758#:~:text=In%20addition%2C%20location%2Dbased%20services,against%20certain%20groups%20of%20people.> accessed 6 September 2023
16 Richard Ferraro and Murat Aktihanoglu, Location Aware Applications < https://manning-content.s3.amazonaws.com/download/b/a4de039-2cd5-4be1-8ba2-4c73af18be78/LAAsample_ch10.pdf> accessed 6 September 2023
17 ibid
18 ibid
19 Nathalie King, Privacy Considerations For Apps That Monitor User Location (27 July 2023) <https://legalvision.com.au/privacy-app-user-location/ > accessed 6 September 2023
20 OECD, Forty-two countries adopt new OECD Principles on Artificial Intelligence <https://www.oecd.org/science/forty-two-countries-adopt-new-oecd-principles-on-artificial-intelligence.htm > accessed 7 September 2023
21 OECD, Recommendation of the Council on Artificial Intelligence <https://legalinstruments.oecd.org/en/instruments/oecd-legal-0449#:~:text=However%2C%20in%20order%20to%20make,and%20actors%20involved%20in%20their > accessed 7 September 2023
22 UNESCO, Recommendation on the Ethics of Artificial Intelligence <https://unesdoc.unesco.org/ark:/48223/pf0000380455 > accessed 7 September 2023
23 ibid
24 Kwamboka & Mwagiru (n 14)
25 David Leslie, Understanding artificial intelligence ethics and safety<https://www.turing.ac.uk/sites/default/files/2019-06/understanding_artificial_intelligence_ethics_and_safety.pdf > accessed 7 September 2023
26 Kwamboka & Mwagiru ( n 14)
27 Jay Budzik, Why AI Transparency is so Important (23 April 2020) < https://www.zest.ai/insights/why-ai-transparency-is-so-important> accessed 7 September 2023
28 UNESCO ( n 22)
29 George Lawton, AI transparency: What is it and why do we need it? (2 June 2023) <https://www.techtarget.com/searchcio/tip/AI-transparency-What-is-it-and-why-do-we-need-it#:~:text=Like%20any%20data%2Ddriven%20tool,those%20influenced%20by%20the%20decision. > accessed 7 September 2023
30 Credo, Accountability <https://www.credo.ai/glossary/accountability > accessed 8 September 2023
31 Scaler, AI Accountability <https://www.scaler.com/topics/ai-accountability/ > accessed 8 September 2023
32 Data poisoning involves a malicious compromise of data sources at the point of collection and pre-processing. It interferes with machine learning training data to generate undesirable outcomes.
33 Leslie (n 25)
34Marcin Frąckiewicz, Privacy Concerns in Location-based services: Balancing Convenience and Security (16 July 2023)< https://ts2.space/en/privacy-concerns-in-location-based-services-balancing-convenience-and-security-2/#gsc.tab=0> accessed 8 September 2023
35 ibid
36 ibid