Ethics in Geofencing: Post GDPR & CCPA

Ethics in Geofencing

Consumers are becoming more aware of privacy concerns when it comes to how companies handle their data. Nearly a third of all internet users now report using some form of an ad blocker. 9 out of 10 people agree that they have lost control over how their personal information is collected and used by businesses. Regular news about the misuse of data and data breaches has only increased awareness. That’s why we think it’s important to pay attention to Geofencing Ethics.

It’s led to new legislation, such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). 11 more U.S. states have passed their own digital privacy regulations and there are literally hundreds of additional bills under consideration. More than 80 countries worldwide have passed privacy laws.

It’s changing the way digital marketing is being conducted.

Because online businesses reach across borders, even companies located in other jurisdictions may be required to comply. It’s caused confusion and concern for marketers that are using location-based marketing tactics, such as geofencing.

Geofencing Under GDPR and CCPA

Geofencing is the practice of drawing a “virtual fence” around a location. This area within the geographic boundary can be served specific ads or offers. It can also be used to collect real-time data. Using technology such as latitude/longitude coordinates, radio frequency identification (RFID), Bluetooth, or location beacons, consumers can be identified and targeted.

Under GDPR, location data is personal data if it can be used to identify an individual. GDPR serves to regulate the collection, processing, and storage of personal data. The regulations have been in effect since May 2018 and there have been several complaints about location tracking. Google, for example, was accused of violating GDPR rules by 7 countries over complaints that the company could track a user’s location when if Location History is turned off.

Personal information is also regulated by the CCPA. In some ways, it’s even more stringent in how it defines personal data because it includes browsing and search history.

Bluetooth Privacy

Another privacy concern revolves around the use of Bluetooth.

You may have noticed apps asking for Bluetooth access. When Apple rolled out iOS 13, it changed the way developers could use Bluetooth to collect location data. Before the update, detailed data could be gathered from users without getting their permission. Tracking beacons, for example, could access devices through Bluetooth even if users had denied a specific app from tracking them.

With this operating system update, Apple users will have to grant consent.

Both iOS and Android also give you the ability to block all location data from being transmitted. In the past, most users ignored such settings. However, with the increased awareness of privacy and the potential for abuse, consumers are beginning to take control of privacy settings.

Geofencing Ethics: How to Make Sure You Are Compliant with Privacy Policies

Businesses must be careful – and diligent – about how they geofence. While specific use-cases will likely be hashed out in the courts in the future, geofencing ethics would call for an interpretation that protects the spirit of the laws. That means protecting consumer’s privacy rights when it comes to personally identifiable information.

Both GDPR and CCPA detail common rights for consumers:

  • The right to request disclosure about what information is being gathered and what purpose it is being used for
  • Limitations on the use of information only for its expressed purpose
  • The right to access information gathered
  • The ability to opt-out

This applies to any personally identifiable information. Using IP addresses or mobile device IDs may be attributed to individuals and, as such, would be noncompliant with GDPR and CCPA. Unless devices or apps can mask personally identifiable data, geofencing ethics will require active consent to collect and use any location data.

Information that is aggregated and not attributable to individuals is exempt from most privacy regulations.

Marketer’s Responsibility

When it comes to geofencing for digital marketers or geofencing for agencies, it’s crucial to stay in compliance to avoid potential penalties. It’s also about respecting your customer’s rights. Regardless of whether or not CCPA applies to your organization, it is helpful to be aware of it, and aim to audit to see how your existing data collection practices compare to newer data privacy policies such as the CCPA, and GDPR. Especially when you’re in the agency business, it’s quintessential to stay on top of these policies so you have information to help your clients when they reach out to you.

Written by

Demand Local

Demand Local empowers Automotive Advertising & Marketing Agencies to Scale and Grow their Businesses. Our Digital Ad Infrastructure was built from the ground-up specifically to serve the Automotive Sector by unifying our proprietary technology with some of the industry’s leading media and technology services. Demand Local is a pioneer in adopting newer media, and technologies to better bridge the gap between advertisers and buyers.

Ready to drive traffic? Talk to us.