Brands using location-based data services are facing a major clampdown from the Information Commissioner’s Office after the watchdog renewed its call for extra powers to extend its audit capabilities.
Under the Data Protection Act, the ICO currently has the power to inspect government organisations it suspects to be not compliant with the law, with or without their permission, but not private sector firms.
Speaking at the ICT Knowledge Transfer Network, ICO head of strategic liaison Jonathan Bamford said: “We are making the case for increased inspection power in other sectors and that may well include the private sector.”
The ICO recognised that location-based data, information that is being collected on a growing basis by companies like Facebook, Google and Groupon, poses a potential threat to privacy.
There is also a risk that many people are unaware of what information is being collected about them, how it is being collected and how it is being used, Bamford said.
Although there is a regulatory framework in place to address these concerns – from EU directives to the UK’s DPA – Bamford admitted that these may not be enough when it comes to location-based data.
He believes that the location-based data protection risks are different to the risks of traditional data collection methods because of its ubiquitous nature, and the fact that users are largely unaware of how the information is being collected and used.
“Because of the sheer pace of technological change and the ingenuity of the way people use location-based services, it does feel like we are playing catch-up,” he said.
Brands face threat of ‘data raids’