Proceedings of a Workshop—in Brief
In June 2022, CrisisReady Co-Director and Professor of Epidemiology at Harvard T.H. Chan School of Public Health Caroline Buckee co-organized a virtual workshop with the National Academies of Sciences, Engineering, and Medicine‘s Committee on Science, Technology, and Law on how, and for what purposes, location data can be used in public health, research, and law enforcement.
The workshop examined the current methods in collecting, interpreting, and using location data by governments, academics, and enterprises in the United States and around the globe. Speakers led discussions on the ethical issues associated with the collection and use of these data, identifying gaps in the current governance framework, and discussing potential mechanisms for enhancing data privacy protection.
“On June 8-9, 2022, an ad hoc planning committee under the auspices of the National Academies of Sciences, Engineering, and Medicine’s Committee on Science, Technology, and Law (CSTL) hosted a workshop, Location Data in the Context of Public Health, Research, and Law Enforcement: An Exploration of Governance Frameworks. The workshop examined the collection, interpretation, and use of location data by government, academia, and industry.¹
During opening remarks, workshop planning committee Co-chair Caroline Buckee (Harvard T.H. Chan School of Public Health) noted that the impetus for the workshop was the deluge of location data from cell phones and other sources that flowed to policymakers and researchers seeking to contain the COVID-19 pandemic. Epidemiologists have been using location data in research for some time, but the pandemic vastly increased awareness of location data as a useful source of information for policymaking and law enforcement. With location data, Buckee said, there is a general lack of systematic frameworks for sharing and aggregating the data in a way that preserves individual privacy. She identified as risks related to the use of location data in the context of public policy risks to vulnerable populations and individuals and risks associated with corporate control of location data, suggesting that an understanding of risks must inform both the regulation of location data and decisions about how location data are aggregated and used.
Committee Co-chair Paul Ohm (Georgetown University Law Center) said that privacy scholars tend to discuss “omnibus” approaches to protecting privacy, but because the topic is very complex and surrounded by many uncertainties, a deep dive is merited. Privacy is contextual and giving attention to specific privacy contexts is very important, he said. Some focused “sectoral” privacy laws have had profound impact², but Ohm noted that there are few laws, if any, focused specifically on location data. Ohm suggested that, if members of the location data ecosystem have not begun to agree on norms, the workshop might spur their development: in the absence of norms, regulators might fill an ethical void with rules that are not well calibrated to the needs of the community. We should, Ohm said, keep both the positive uses of location data for good and the negative harms that the spread of location data might cause in view, with balance and nuance as our watchwords.”
National Academies of Sciences, Engineering, and Medicine. 2022. Location Data in the Context of Public Health, Research, and Law Enforcement: An Exploration of Governance Frameworks: Proceedings of a Workshop—in Brief. Washington, DC: The National Academies Press. https://doi.org/10.17226/26645.
¹ For this proceedings, location data is defined as information about the specific geographical whereabouts of a particular device. It can be collected and tracked by mobile phone operators, by devices through a global positioning system (GPS) satellite (e.g., when using an application), or by Wi-Fi access point. See, e.g., https://www.arm.com/glossary/location-data#:~:text=Location%20data%20is%20information%20about,such%20as%20a%20mapping%20application.
² See, e.g., the Wiretap Act of the Electronic Communications Privacy Act of 1986 (ECPA), 18 U.S.C. §§ 2510-2523 and the Illinois Biometric Information Privacy Act (BIPA), (740 ILCS 14/).