Digital Marketing Legal Issues Related to Geofencing
Privacy attorney Richard B. Newman authored an article for AdExchanger, a leading provider of news, analysis and events dedicated to the data-driven marketing space. The article, “Geofencing Could Become A Magnet For Regulatory Scrutiny,” addresses innovative geotargeting technologies – such as, geofencing – that are used by digital marketers to deliver hypertargeted ad content.
Today’s domestic and international data privacy environment is heavily pro-consumer and Richard discusses recent regulatory developments that digital marketers must consider to avoid becoming the target of a regulatory investigation or enforcement action.
California’s Consumer Privacy Act v. GDPR
In some respects, the California Consumer Privacy Act of 2018 is more onerous that the EU General Data Protection Regulation. For example, as discusses in the article, California’s new privacy legislation defines “personal information” to include browsing and search history, in addition to inferences derived therefrom.
Importantly, Richard states that “[i]t would be a mistake for marketers that employ geofencing technologies for collecting and using personal data to assume that no risk exists merely because they are gathering what has traditionally not been considered personally identifiable information.”
According to Richard, whether considering the CCPA or GDPR, “location data can most certainly qualify as personal data whenever it relates to an identifiable individual.”
Regulatory Activity and Location Data
The piece also discusses recent regulatory efforts to police data protection abuses and the use of geotargeting technologies.
For example, in 2017, the Massachusetts attorney general settled a widely-publicized case involving geofencing around women’s reproductive healthcare facilities. In 2018, the Federal Trade Commission sent warning letters to marketers of electronic devices and apps that collected geolocation data from children, in violation of the Children’s Online Privacy Protection Act.
In 2015, European regulators censured a company for capturing unique media access control addresses that identify passing smartphones without informed consent.
Opt-In Consent is the Golden Rule
Richard states that the “golden rule when processing the locations of smart mobile devices for direct marketing is affirmative opt-in consent.” From an operational compliance standpoint and without limitation, conspicuous geofencing notice prior to data collection is required. As is clear and conspicuous notice regarding the purpose and manner of data collection, how data is used, who it is shared with and how to stop collection.
Also critically important are enhanced privacy notices and written information security policies.
Geotracking Campaign Considerations
Considering the patchwork of data privacy laws, applicable regulations and best practice guidance should be considered digital marketers and app developers prior to embarking on geotracking campaigns.
If you are interested in learning more about this subject or would like to review your privacy and data security compliance practices, please contact the author at (212) 756-8777 or via email at [email protected].
Richard B. Newman is a data privacy attorney at Hinch Newman LLP. He is a member of the International Association of Privacy Professionals.
Attorney Advertising. Informational purposes only. Not legal advice. Do not rely on any information contained herein without consulting with an attorney.