Location tracking in health apps raises significant privacy concerns around the accuracy and use of sensitive location data. Learn about the key issues that privacy technologists should be aware of.
Question
SCENARIO –
Please use the following to answer the next questions:
Your company is launching a new track and trace health app during the outbreak of a virus pandemic in the US. The developers claim the app is based on privacy by design because personal data collected was considered to ensure only necessary data is captured, users are presented with a privacy notice, and they are asked to give consent before data is shared. Users can update their consent after logging into an account, through a dedicated privacy and consent hub. This is accessible through the ‘Settings’ icon from any app page then clicking ‘My Preferences’, and selecting ‘Information Sharing and Consent’ where the following choices are displayed:
- “I consent to receive notifications and infection alerts”;
- “I consent to receive information on additional features or services and new products”;
- “I consent to sharing only my risk result and location information for exposure and contact tracing purposes”;
- “I consent to share my data for medical research purposes”; and
- “I consent to share my data with healthcare providers affiliated to the company”.
For each choice, an ‘ON’ or ‘OFF’ tab is available. The default setting is ‘ON’ for all. Users purchase a virus screening service for US$29.99 for themselves or others using the app. The virus screening service works as follows:
Step 1: A photo of the user’s face is taken
Step 2: The user measures their temperature and adds the reading in the app
Step 3: The user is asked to read sentences so that a voice analysis can detect symptoms
Step 4: The user is asked to answer questions on known symptoms
Step 5: The user can input information on family members (name, date of birth, citizenship, home address, phone number, email and relationship).
The results are displayed as one of the following risk statuses: “Low”, “Medium” or “High”. If the user is deemed at “Medium” or “High” risk, an alert may be sent to other users, and the user is invited to seek a medical consultation and diagnostic from a healthcare provider.
A user’s risk status also feeds a world map for contact tracing purposes, where users are able to check if they have been or are in close proximity of an infected person. If a user has come in contact with another individual classified as ‘medium’ or ‘high’ risk, an instant notification also alerts the user of this. The app collects location trails of every user to monitor locations visited by an infected individual. Location is collected using the phone’s GPS functionality, whether the app is in use or not; however, the exact location of the user is “blurred” for privacy reasons. Users can only see on the map circles with a 12-feet radius (approximately 4 meters wide), which is double the recommended distance for social distancing.
With regard to the location-tracking feature of the app, which of the following is the privacy technologist’s greatest area of concern?
A. Unfair pricing based on location.
B. Accuracy and use of location data.
C. Tailoring advertisements to the user’s location.
D. Use of cookies and other web-tracking technologies.
Answer
B. Accuracy and use of location data.
Explanation
Privacy technologists should be most concerned about the accuracy and use of location data collected by the health app’s location-tracking feature. There are several reasons for this:
- Sensitive nature of location data: Location information is highly sensitive personal data that can reveal intimate details about an individual’s movements, behaviors, and associations. Improper collection, use, or disclosure of this data could lead to significant privacy harms.
- Accuracy concerns: The app is using GPS to collect location data and “blurring” the exact location to a 12-foot radius for privacy. However, there may still be concerns about the precision and reliability of this location data. Inaccuracies could lead to false alerts about exposure or incorrectly identify individuals as high risk.
- Continuous tracking: The app collects location data continuously, even when not in use. This pervasive tracking heightens privacy risks, as it allows for the compilation of detailed location histories over time. Users may not expect or understand the extent of this ongoing monitoring.
- Lack of user control: It’s unclear if users can easily opt out of location tracking. The consent choices provided don’t seem to offer specific control over this feature. Users may feel that location collection is mandatory to use the app’s core functions.
- Potential for misuse: There are risks that location data could be misused, either by the company or unauthorized third parties who gain access. This could enable surveillance, profiling, or other harmful secondary uses of the data.
While issues like pricing discrimination, targeted advertising, and web tracking are also problematic, the privacy technologist should prioritize addressing the collection and handling of sensitive location data, given the heightened risks involved. Proper safeguards, user controls, and data minimization practices are essential.
IAPP CIPT certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detailed explanation and reference available free, helpful for passing the IAPP CIPT exam and earning the IAPP CIPT certification.