Best Practices and Guidelines for Location-Based Services 4
information or content to a highway safety organization.
Notice that the LBS Provider creates or uses aggregate or
anonymous data is required.
LBS Providers that share location information with third parties must disclose what
information will be provided and to what types of third parties so that users can understand
what risks may be associated with such disclosures.
LBS Providers must inform users how they may terminate the LBS, and the implications of
doing so. LBS Providers also must ensure that any privacy options or controls available to
users to restrict use or disclosure of location information by or to others are explained to
users.
Example 7. An LBS Provider that oers a social networking
service might provide a mechanism for the user to establish
permissions for when, where and to whom his or her location
information will be disclosed. The notice to the user could
include a statement to the eect:
“You control who will receive your location information. In
‘settings’ on the menu, you can select contacts you wish
to block or enable all the time, or you can select a manual
option to review a list of contacts each time you disclose your
location.”
LBS Providers must periodically remind users when their location information may be
shared with others and of the users’ location privacy options, if any. The form, placement,
terminology used, manner of delivery, timing and frequency of such notice depends on
the nature of the LBS. For example, one would expect more reminders when the service
involves frequent sharing of location information with third parties and fewer reminders,
if any, when the service involves one-time, user-initiated concierge service calls (e.g.,
locating a nearby service). In addition, depending on the circumstances, the use of an
icon or other symbol to disclose when location information may be shared may be a more
eective means of reminding consumers than a written notice.
In some circumstances, account holders (as opposed to users) may control the installation
and operation of LBS. In addition to providing notice to the account holder, LBS Providers
still must ensure that notice is provided to each user or device that location information
is being used by or disclosed to the account holder or others. Once again, the content,
timing and frequency of such notice depends on the nature of the LBS.
Example 8. An LBS Provider provides an LBS to a business
customer with multiple devices used by employees in the eld.
The LBS Provider could satisfy its notice obligation by direct
notice to each device that location information is being provided
to the business customer. Alternatively, pursuant to a contractual