Are location data personally identifiable?

21 August 2008

A friend of mine recently dropped his phone in water, and found that he lost all his SMS messages for the last month. I advised him to use his subject access rights under the Data Protection Act 1998 and ask his phone company “Three” for the records of calls, SMS messages as well as locations of the phone (just for good measure). The results were quite unexpected.

Here is the answer he got back (edited to protect identities) with some added emphasis:

Dear Mr X,

Thank you for your below email.

Please be advised that we do not disclose details of incoming calls or texts unless required under a Court Order.

Please also be advised that location data does not constitute ‘Personal Data’ as defined under the Data Protection Act 1998 (personal data is information which relates to a living individual who can be identified from that data).

I can confirm that we have no solely automated decision making processes in place. Our credit checking system is not solely automated and requires manual intervention.

If you require details of your outgoing calls or texts (we do not retain the content of text messages) I would be grateful if you would forward proof of your identity and a cheque for £10 made payable to Hutchison 3G UK Ltd. A photocopy of your passport or photo drivers licence would be acceptable proofs of ID. Please send this to:

Data Protection and Privacy Officer
H3G UK Ltd
Star House
20 Grenfell Road
Maidenhead
Berkshire
SL2 2NE

Kind regards

Yours sincerely

Rhian T.
Compliance Executive
Legal
Hutchison 3G UK Ltd

This answer is very surprising. Three does not state that they do not hold the data relating to incoming calls or text messages, but simply that they are not happy to provide them — with no further explanation as to why. Similarly, the fact that there is a human in the loop of their credit decision processing (maybe just pressing “OK” at some stage) seems to shield them from the burden of disclosing anything about their processing of the data.

Yet what is most interesting is the statement that location data is not personally identifiable. First, in the case of a phone operator this is simply not true. They hold all the necessary records to link a particular record describing the location of a handset to a physical person. More interestingly still, recent work by myself and collaborators at COSIC, Leuven, focused on showing that even coarse-grained anonymized location data can be quickly and efficiently linked back to a physical person. The reference, link and abstract are below for those interested in reading more.

  • Yoni De Mulder, George Danezis, Lejla Batina and Bart Preneel. Identification via Location-Profiling in GSM Networks. Workshop on Privacy in the Electronic Society (WPES 2008), Alexandria, Virginia, USA.

    Abstract: As devices in a cellular network move, they register their new location with cell base stations to allow for the correct forwarding of data. We show it is possible to identify a mobile user from these records of movement within the network and a pre-existing location profile, based on previous movement. Two different identification processes are studied, and their performances are evaluated on real cell location traces. The best of those allows for the identification of around 80% of users. We also study the misidentified users and characterise them using hierarchical clustering techniques. Our findings highlight the difficulty of anonymizing location data, and firmly establish they are personally identifiable.

[Update: URL of paper is now working.]
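
The kind of profile matching the abstract describes can be illustrated with a small re-identification check that a data holder might run before treating pseudonymised cell traces as anonymous. This is an added example, not code from the paper or the original post: it uses plain cosine similarity of visit counts rather than either process the paper studies, and all users, cell IDs, regions and traces are constructed.

```python
# Added illustration; users, cell IDs, regions and traces are all constructed.
# Generic frequency-profile matching, not either process from the paper.
from collections import Counter
from math import sqrt

# Historical traces tied to known subscribers (sequence of serving cells).
KNOWN = {
    "alice": ["c1"] * 10 + ["c7"] * 8 + ["c3"] * 2,
    "bob":   ["c2"] * 10 + ["c7"] * 8 + ["c4"] * 2,
    "carol": ["c1"] * 9 + ["c5"] * 9 + ["c3"] * 2,
}
# Later traces released under pseudonyms, plus ground truth for scoring.
RELEASED = {
    "p-01": ["c2"] * 9 + ["c7"] * 9 + ["c6"] * 2,
    "p-02": ["c1"] * 11 + ["c5"] * 7 + ["c7"] * 2,
    "p-03": ["c1"] * 9 + ["c7"] * 9 + ["c4"] * 2,
}
TRUTH = {"p-01": "bob", "p-02": "carol", "p-03": "alice"}
# Coarsening step: merge neighbouring cells into larger regions.
REGIONS = {"c1": "R1", "c3": "R1", "c2": "R2", "c4": "R2",
           "c5": "R3", "c6": "R3", "c7": "R4"}

def profile(trace, regions=None):
    """Visit counts per cell, or per region when a coarsening map is given."""
    return Counter(regions[c] if regions else c for c in trace)

def cosine(p, q):
    """Cosine similarity of two sparse count vectors."""
    dot = sum(n * q[k] for k, n in p.items())
    norm = sqrt(sum(n * n for n in p.values())) * sqrt(sum(n * n for n in q.values()))
    return dot / norm if norm else 0.0

def link(known, released, regions=None):
    """Best-matching known user and similarity score for each pseudonym."""
    profiles = {u: profile(t, regions) for u, t in known.items()}
    out = {}
    for pseudonym, trace in released.items():
        target = profile(trace, regions)
        best = max(profiles, key=lambda u: cosine(profiles[u], target))
        out[pseudonym] = (best, round(cosine(profiles[best], target), 3))
    return out

def reidentification_rate(known, released, truth, regions=None):
    """Fraction of pseudonyms linked to the correct subscriber."""
    links = link(known, released, regions)
    return sum(links[p][0] == truth[p] for p in truth) / len(truth)

if __name__ == "__main__":
    print(reidentification_rate(KNOWN, RELEASED, TRUTH))           # per cell
    print(reidentification_rate(KNOWN, RELEASED, TRUTH, REGIONS))  # coarsened
```

On this constructed data every pseudonym is linked to the right subscriber, both per cell and after merging cells into regions; only collapsing everything into a single region makes the profiles indistinguishable.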


One Response to “Are location data personally identifiable?”

  1. concerned said

    The location data recorded by mobile network operators records the geographic location of a base station for a communication made by the handset. Much analysis of related data would have to be done to associate location data with an individual. It is not as simple as you state.
