The regulation of location-based services: challenges to the European Union data protection regime

To further the growth of location-based services (LBS), clear regulation is indispensable. The European Union (EU) legal framework includes a strict regime for the processing of personal data, location data and traffic data. After a short introduction of two core elements of European data protection legislation - the Data Protection Directive and the ePrivacy Directive - a number of technological and societal trends are described, which have made the applicability of the existing EU regulation on personal data processing in general and location data in particular more problematic. Recently, the Art. 29 Working Party released Opinion 13/2011 on geolocation services on smart mobile devices. An analysis of the Opinion reveals that it fails to clarify how the European legal framework should be applied in practice on two accounts. First, a clear separation between different actors and their roles has become unrealistic, and particularly the practical differences between telecom operators and information society service providers are quickly becoming merely theoretical. Second, location data used in LBS are increasingly the result of an amalgamation of other data, which sources cannot be practically traced anymore. Thus, the approach to apply different regimes to different types of data is increasingly less tenable. Next, two possible routes for improvement are suggested. The first opts to extend the current regime that only deals with a limited category of location data to all types of location data, thus strengthening the current ePrivacy Directive. The second chooses to abandon the current special regime for location data completely in favour of a more general protection of personal data, thus bestowing more weight to the Data Protection Directive. These suggestions provide valuable input for the current revision of the European legal framework on data protection.