Google's Latitude - Are location services a privacy risk?

Google has just launched its ‘next big thing’ – Latitude, a location tracker that can be used to share your location details with others. Is this a great leap forward, or a threat to privacy?

Latitude is certainly an interesting offering. It provides a mobile Google Maps service, but with a difference: the system uses GPS or GSM cell information to locate the user and position them on the map. Users can then choose to share that location with others. This could be a remarkable little application, allowing businesses to easily track the movements of their field force, and will have huge implications when integrated with social networks and microblogging services.


Google claim that they do not store any location information, but simply handle the data for sharing purposes. Users need to consent to the installation of the application on their phone, and in the case of the Blackberry version, the software regularly notifies them that it is running. All well and good, that’s privacy taken care of.

Only it’s not that simple. Used correctly, such a system can offer great benefits, but misuse can be equally damaging. Even if Google have built a ‘privacy-positive’ system there are residual privacy risks, which include:

  • Latitude installed on mobile devices without the users’ knowledge – for example, a jealous partner installing it on their partner’s phone to track where they go (if they have physical access to the handset then this should be trivial to accomplish);
  • Hacks used to install Latitude on a handset without the need for physical verification, or to suppress warning messages that the service is running;
  • Users simply forgetting that their handset is transmitting their location when they go somewhere that they wish to keep from others;
  • Unauthorised access to back-end services such that an unauthorised user can track individuals’ locations.

Privacy advocates have already commented on these problems, but my biggest concern is the inevitability of irresponsible sharing of location data by users who don’t really know the other parties involved. Take a look at the willingness with which many social networking users will share a lot of personal information with people that they’ve never met before. It would be very easy to integrate Latitude with Facebook or Myspace, and as soon as that happens, users will open up their location to their entire address book, or even to any user at all. It would then seem to be a matter of time before we see frauds, burglaries and physical assaults inspired by a user’s location.

Now I’m not saying that makes Latitude a bad thing, far from it. But we do need to think very carefully about the implications of location-based services before we let them out into the wild. We need to ensure that there are legal protections for users, and law enforcement authorities that have the understanding and resources to enforce those protections. And we need to ensure that users understand the implications of the services – a Consent Notice can only be considered ‘Fair’ if the user has a complete understanding of the risks.

I’d like to see Google conduct and publish a Privacy Impact Assessment for Latitude. That would be in line with the ICO’s recommended best practice; demonstrate complete transparency about the privacy implications; and set a positive precedent for the industry. Until then, I’m not going to be installing the software on my phone…