April 5th, 2006
DRI today became aware of a plan to introduce a commercial mobile phone tracking service. Although marketed as being intended for parents to keep track of their children, this was also open to allow any phone user to being tracked by anyone else who had access to their phone for a short period.
The Irish Times report on this service from today can be found here and a Guardian report on some of the potential abuses of this kind of service can be found here. In addition, it is clear that this service is a breach of the spirit and letter of the Data Protection Acts at multiple levels.
That information is being passed by the mobile operators to this service is one breach. There are protections in place precisely to prevent personal private data being sold for third party profit in this way. The failure to provide a method of providing ongoing consent, or a method of withdrawing or withholding consent is another.
It should also be noted that even in the case of the suggested use of this service children have privacy rights, albeit ones circumscribed to varying degrees depending on their age and vulnerability. It may be presumed that children with mobile phones are not infants and will therefore have a reasonable right not to have their data protection rights abused, and their private information sold, without their knowledge or consent.
In response to this story, DRI released the following press release.
FOR IMMEDIATE RELEASE
Digital Rights Ireland today wrote to the Data Protection Commissioner
to express its concern at the introduction of mobile phone tracking
services in Ireland.
‘Mobile phone tracking services have clear potential for abuse and
comprehensive safeguards need to be in place to ensure that the tracked
person has given full, ongoing, informed consent to being tracked’ said
TJ McIntyre of Digital Rights Ireland.
We also, as it says, contacted the Data Protection Commissioner. We heard back from the Data Protection Commissioner’s office this afternoon. Apparently, following our highlighting of the issue, the DPC had been in contact with Top Security, the company identified as planning the introduction of this service. The announcement of this service was described as having been premature.
If we do hear of such a tracking service being launched by either Top Security or any other company, including the mobile operators themselves, it will be particularly interesting to see how it remains within the terms of the Data Protection Acts.