A number of issues inevitably emerge upon closer examination of the current LBS regulatory framework in Australia. With regards to privacy legislation, it was noted that (location) information derived from LBS solutions might or might not be personal information and is unlikely to be sensitive personal information. The Privacy Act may not cover the data. Regarding Australian telecommunications legislation, location data may not specifically be classed ‘telecommunications data’ in all circumstances. The location dependent carriage service introduces ambiguity regarding definitions. The state-based prohibition on the use of tracking devices means that the provision of LBS will require explicit permission of the users of an LBS device. This is similarly the case with respect to surveillance legislation, in which tracking devices can be deployed for surveillance purposes, and without a warrant, in specific situations as outlined in the federal legislation. The implications of this lawful but covert deployment of tracking devices are yet to be fully explored. Correspondingly, national security legislation grants increasing powers to various agencies to monitor individuals under the guise of maintaining national security and protecting the interests of Australian citizens. The legal mechanisms that apply to LBS require further review, as they fail to adequately cover various aspects relevant to LBS and location data and the laws are not necessarily consistent or matching. However, opportunities for policy implementing such a review have not been seized in recent legislative change.
Similarly, industry-based guidelines are lacking in their coverage of LBS. For example, AMTA's guidelines merely cover passive LBS or those that do not require user input once initial consent is given. This is not surprising as industry bodies self-regulate a narrow group. Self-regulation is poor at involving users and other industry representatives. Supplementary to these individual issues, it is essential at this point to validate the Australian regulatory scheme in view of the conceptual framework defined earlier in this paper, in order to identify the broad challenges that surface in examining the existing framework, summarised in Table 1.
Table 1. Validation of the LBS regulatory framework in Australia.
Challenges/considerations | Validation | Areas for improvement
Technology-specific versus technology-neutral
Australian framework is largely technology-neutral (with exception of industry guidelines) and is not LBS specific.
- Subordinate legislation and regulation could be extended to cover specifics of LBS and location data.
- This may necessitate continual review of regulatory settings as LBS solutions and underlying technologies evolve.
Legislation versus self-regulation
Existing framework draws on combined legal and industry-based approach to regulation, which allows for both government and industry involvement. However, self-regulation is a characteristic of telecommunications and not privacy legislation.
- Self-regulation is created by narrow industry groups and is lacking in its involvement of users.
- There could be closer collaboration between industry and government.
- Drawbacks of current regulation and industry-based tools identified in this paper should be addressed
Multiple and competing stakeholder interests
Government and industry have largely established the current Australian framework for LBS. However, it lacks a stronger level of collaboration and user involvement.
- Collaboration and consultation are crucial in the regulatory process to ensure stakeholder representation.
- Users, in particular, must be encouraged to participate.
- Individual stakeholders in government, industry and user segments should be identified and approached.
Flexible regulatory structures
Legislation in the present framework is not particularly flexible and does not easily cater for LBS solutions in the marketplace or any future developments. Subordinate legislation is more flexible.
- Technology-specificity is required to incorporate LBS and location data into subordinate legislation.
- Industry-based tools should be continually developed and should be adaptable to technological developments.
4.2. Validation: extent to which the existing framework is specific to LBS
When considering the technology-specific versus technology-neutral debate in light of the LBS regulatory framework in Australia, it is evident that the current framework entails largely technology-neutral elements. This suggests that the framework fails to account for the specifics of LBS in that it does not adequately account for location data. This generates a risk that concerns, unique to LBS, will be overlooked in the Australian context. Technology-neutrality creates ambiguity in definitions, as can be seen in the case of the Australian privacy and telecommunications legislation in particular. However, as Australian government policy has consistently adopted technology-neutral legislation, the focus of change needs to be on subordinate legislation and self-regulatory mechanisms. The absence of an appropriate regulatory environment for LBS is undesirable from the perspective of all stakeholders, particularly individuals. The existing framework requires further provisions for LBS and location data, and it is therefore expected that legal and industry-based regulatory mechanisms will require continual review in the present technological landscape that is dominated by constant developments in both underlying technologies and emerging (and novel) usability contexts.
4.3. Validation: value of existing legislative and self-regulatory mechanisms
The Australian regulatory framework for LBS demonstrates a combined approach to regulation, in which legal and industry-based mechanisms are concurrently implemented. It is often believed that the combined approach allows for the specifics of a given technology to be better incorporated, especially at the industry level and via self-regulatory mechanisms. The Australian initiative led by AMTA can be perceived as a move towards increased industry involvement and representation, and an attempt to avoid unnecessarily stifling the LBS industry. The concern, however, lies in the limitations of self-regulation and the consequence that the guidelines are narrow in their scope and their coverage of a wide range of LBS solutions. In terms of legislation, the specific drawbacks of existing laws have been identified, requiring a review of federal legislation to ensure their applicability to LBS and that the laws are consistent and corresponding. Furthermore, closer collaboration between government, industry and users would improve the legal and industry-based mechanisms in the current framework. That is, government and other stakeholders need to be involved in industry-based processes. This type of co-regulation reduces the negative impacts of self-regulation allowing industry to impart feedback, which informs legislative processes. Importantly, consumers have an opportunity to express ‘real-world’ concerns that would directly support both legislative and co-regulatory processes.
4.4. Validation: degree to which stakeholder interests are accounted for
While government and industry perspectives have somewhat been represented in the existing framework, further collaboration is required to account for the views of users. Furthermore, individual stakeholder types must be identified within the government, industry and user segments and collaboration of individual stakeholders must be encouraged to ensure that all interests are represented in the regulatory process. In the Australian context, collaboration and consultation with a wide range of LBS value chain stakeholders in lacking, but is essential in order to incorporate multiple and competing stakeholder interests.
4.5. Validation: level of flexibility
The Australian legislative framework does not provide a flexible regulatory structure. That is, the legislation is out-dated with respect to LBS and existing provisions do not naturally enable the absorption of new LBS solutions and features. It is suggested that a higher degree of technology-specificity is required in subordinate legislation, given the unique characteristics of LBS and location data which do not always fall within the scope of current definitions. However, this approach must be carefully constructed to ensure that the chosen regulatory mechanisms are adaptable as the technology evolves. In combination with considered co-regulatory tools and guidelines that have been developed in an objective manner, this should ensure a degree of flexibility, given that regulatory systems can adapt more quickly than legislative systems.
4.6. Future research and extending the Australian framework
This paper has set the groundwork for understanding the nature and extent of the LBS regulatory framework in Australia by sketching the components of the existing scheme and defining the extent to which the respective elements apply at the federal level. It has additionally set out the regulatory and public policy context within which the framework exists and the challenges that demand a certain degree of sensitivity by presenting a conceptual framework for analysing LBS regulation. It is recommended that future studies: (a) utilise the conceptual framework as a means of measuring the validity of a given regulatory framework in a specific setting, and (b) employ the defined Australian framework as the basis for examining the need for LBS regulation in Australia and understanding the manner in which LBS regulation should be implemented.
The Australian framework presented in this paper can be further extended as part of future work. Explicit areas for prospective research include: (a) broadening the scope of the framework to account for state-based legislation and additional industry-based mechanisms, (b) encouraging a greater focus on cross-cultural comparisons by comparing the Australian case with other, more mature examples such as the European data protection regime for LBS, (c) consulting with relevant stakeholders regarding the applicability and adequacy of the Australian framework and existing regulatory measures and contrasting the results with the outcomes of the validation process presented in this paper, and (d) improving the framework based on the suggested areas for improvement.
The focus of this paper was on developing a conceptual framework for analysing LBS regulation, presenting the components of the existing Australian framework and subsequently engaging in a process of validation. The validation process indicated that the LBS regulatory framework in Australia should: (i) account more specifically for LBS and location data, (ii) better incorporate legislative, self-regulatory and co-regulatory mechanisms, (iii) encourage a higher degree of collaboration with stakeholders in the LBS value chain, and (iv) encompass a higher degree of flexibility to ensure technological developments are integrated. The benefits to be garnered from this exercise include an accurate and detailed understanding of the current framework in Australia which has allowed areas for improvement to be identified. The ensuing outcomes can be used as the basis for future research in the LBS regulation field and provide a useful starting point for determining the need for LBS regulation in Australia.
The authors wish to acknowledge the funding support of the Australian Research Council (ARC) – Discovery Grant DP0881191 titled “Toward the Regulation of the Location-Based Services Industry: Influencing Australian Government Telecommunications Policy.” The views expressed herein are those of the authors and are not necessarily those of the ARC.
ALRC, For your information: Australian privacy law and practice, (2008), (ALRC report 108). 12 January 2012, http://www.alrc.gov.au.ezproxy.uow.edu.au/publications/report-108
AMTA, AMTA guidelines, 24 April 2012, www.amta.org.au/files/Location.Based.Services.Guidelines.pdf (2010)
About AMTA; n.d. 21 February 2012. http://www.amta.org.au/pages/About.AMTA.
APF, Privacy laws – Commonwealth of Australia, 20 February 2012, http://www.privacy.org.au/Resources/PLawsClth.html (2007)
APF, Location and tracking of individuals through their mobile devices, 20 February 2012, http://www.privacy.org.au/Papers/LocData.html (2011)
Attorney General's Department, Australian laws to combat terrorism, 20 February 2012, http://www.nationalsecurity.gov.au/agd/www/nationalsecurity.nsf/AllDocs/826190776D49EA90CA256FAB001BA5EA?OpenDocument (2011)
Attorney General's Department. Telecommunications interception and surveillance; n.d., 20 January 2012. http://www.ag.gov.au/Telecommunicationsinterceptionandsurveillance/Pages/default.aspx.
A. Barreras, A. Mathur, Wireless location tracking, [chapter 18], K.R. Larsen, Z.A. Voronovich (Eds.), Convenient or invasive: the information age, Ethica Publishing, United States (2007), pp. 176-186
J. Braithwaite, C. Coglianese, D. Levi-FaurCan regulation and governance make a difference? Regulation & Governance, 1 (2007), pp. 1-7
P. Bridgman, G. Davis, The Australian policy handbook, (3rd ed.), Allen & Unwin, Crows Nest, NSW (2004), 198 p.
G. Cho, Geographic information systems and the law: Mapping the legal frontiers, John Wiley & Sons, Chichester, West Sussex (1998), 337 p.
G. Cho, Geographic information science: mastering the legal issues, John Wiley & Sons Inc, Hoboken, NJ (2005), 440 p.
R. Clarke, While you were sleeping… surveillance technologies arrived, Australian Quarterly, 73 (1) (2001), pp. 10-14
R. Clarke, Privacy on the move: the impacts of mobile technologies on consumers and citizens, http://www.anu.edu.au/people/Roger.Clarke/DV/MPrivacy.html (2003)
R. Clarke, PAIs in Australia – a work-in-progress report, http://www.rogerclarke.com/DV/PIAsAust-11.html (2010)
R. Clarke, M. Wigan, You are where you've been: the privacy implications of location and tracking technologies, http://www.rogerclarke.com/DV/YAWYB-CWP.html (2011)
E.B. Cleff, Effective approaches to regulate mobile advertising: moving towards a coordinated legal, self-regulatory and technical response, Computer Law & Security Review, 26 (2010) (2010), pp. 158-169
C. Cuijpers, B.J. Koops, How fragmentation in European law undermines consumer protection: the case of location-based services, European Law Review, 33 (2008), pp. 880-897
E. Dal Bó, Regulatory capture: a review, Oxford Review of Economic Policy, 22 (2006), pp. 203-225
J.E. Dobson, P.F. Fisher, Geoslavery, IEEE Technology and Society Magazine, 22 (1) (2003), pp. 47-52
A. Escudero-Pascual, I. Hosein, Questioning lawful access to traffic data, Communications of the ACM, 47 (3) (2004), pp. 77-83
A. Fenna, Introduction to Australian public policy, Addison Wesley Longman Australia Pty Limited, South Melbourne, Australia (1998), 454 p.
FIDISD, 11.5: the legal framework for location-based services in Europe, http://www.fidis.net/ (2007)
N. Gunningham, J. Rees, Industry self-regulation: an institutional perspective, Law & Policy, 19 (4) (1997), pp. 363-414
T.A. Hemphill, Monitoring global corporate citizenship: industry self-regulation at a crossroads, The Journal of Corporate Citizenship, 14 (Summer 2004) (2004), pp. 81-95
W. Herbert, No direction home: will the law keep pace with human tracking technology to protect individual privacy and stop geoslavery?, I/S: A Journal of Law and Policy, 2 (2) (2006), pp. 409-473
D.D. Hirsch, The law and policy of online privacy: regulation, self-regulation, or co-regulation? (2010), p. 1–62, http://works.bepress.com.ezproxy.uow.edu.au/dennis_hirsch/61/
I. Hosein, The collision of regulatory convergence and divergence: updating policies of surveillance and information technology, The Southern African Journal of Information and Communication, 2 (1) (2001), pp. 18-33
B.J. Koops, Should ICT regulation be technology-neutral? [chapter 4], B.J. Koops, M. Lips, C. Prins, M. Schellekens (Eds.), Starting points for ICT regulation. Deconstructing prevalent policy one-liners, IT & law series, vol. 9, T.M.C. Asser Press, The Hague (2006), pp. 1-28, (online version). p. 77–108 (original version), http://papers.ssrn.com/sol103/papers.cfm?abstract_id=918746
S. Maddison, R. Denniss, An introduction to Australian public policy: theory and practice, Cambridge University Press, Port Melbourne, Victoria (2009), 281 p.
G.T. Marx, Ethics for the new surveillance, [chapter 2], C.J. Bennett, R. Grant (Eds.), Visions of privacy: policy choices for the digital age, University of Toronto Press, Toronto (1999), pp. 37-67
K. Michael, R. Clarke, Location privacy under dire threat as uberveillance stalks the streets, Precedent (Focus on Privacy/FOI), 108 (2012), pp. 1-8, (online version) & 24–9 (original article), http://works.bepress.com.ezproxy.uow.edu.au/kmichael/245/
K. Michael, R. Clarke, Location and tracking of mobile devices: uberveillance stalks the streets, Computer Law and Security Review, 29 (2) (2013), http://works.bepress.com.ezproxy.uow.edu.au/kmichael/305/
J.B. Morris, The privacy implications of commercial location-based services, Testimony before the House Committee on Energy and Commerce, Subcommittee on Commerce, Trade, and Consumer Protection and Subcommittee on Communications, Technology, and the Internet: 1–15, http://inews.berkeley.edu/files/CDT-MorrisLocationTestimony.pdf (2010)
L.B. Moses, Recurring dilemmas: the law's race to keep up with technological change, Journal of Law, Technology and Policy, 2007 (2) (2007), pp. 239-285
L.B. Moses, Agents of change: how the law ‘copes’ with technological change, Griffith Law Review, 20 (4) (2011), pp. 763-794
R. Nicholls, Right to privacy: telephone interception and access in Australia, Technology and Society Magazine, IEEE, 31 (2012), pp. 42-49
R. Nicholls, M. Rowland, Regulating the use of telecommunications location data by Australian law enforcement agencies, Criminal Law Journal, 32 (2008), pp. 343-350
R. Nicholls, M. Rowland, Message in a bottle: stored communications interception as practised in Australia, [chapter 7], K. Michael, M.G. Michael (Eds.), The second workshop on the social implications of national security (from Dataveillance to Uberveillance and the Realpolitik of the Transparent Society), University of Wollongong, IP Location-Based Services Research Program (Faculty of Informatics) and Centre for Transnational Crime Prevention (Faculty of Law), Wollongong, Australia (2007), pp. 83-96
Nicholls and Rowland, 2008b, R. Nicholls, M. RowlandRegulating the use of telecommunications location data by Australian law enforcement agencies, [chapter 14], K. Michael, M.G. Michael (Eds.), The third workshop on the social implications of national security (Australia and the New Technologies: Evidence Based Policy in Public Administration), University of Wollongong, IP Location-Based Services Research Program (Faculty of Informatics), Wollongong, Australia (2008), pp. 173-184
H. Nissenbaum, Privacy in context: technology, policy, and the integrity of social life, Stanford Law Books, Stanford, California (2010), 288 p.
P.J. O'Connor, S.H. Godar, We know where you are: the ethics of LBS advertising, [chapter Xiii], B.E. Mennecke, T.J. Strader (Eds.), Mobile commerce: technology, theory and applications, Idea Group Publishing, Hershey, US (2003), pp. 245-261
OAIC. Privacy Act; n.d. 20 February 2012. http://www.privacy.gov.au/law/act#.
P. Ohm, The argument against technology-neutral surveillance laws, Texas Law Review, 88 (2010) (2010), pp. 1685-1713
T. Pilgrim, Speech to biometrics institute privacy in Australia: challenges and opportunities, 27 May 2010, Amora Hotel Jamison, Sydney. p. 1–29, www.privacy.gov.au/materials/types/download/9516/7089 (2010)
Privacy Act 1988 (Cth). Commonwealth of Australia; 2 February, 2012. http://www.comlaw.gov.au/Details/C2011C00503/Download.
Privacy Amendment (Private Sector) Act 2000 (Cth), Privacy Amendment (Private Sector) Act 2000 (Cth). Commonwealth of Australia; 2 February 2012. http://www.comlaw.gov.au/Details/C2004A00748/Download.
C. Reed, Taking sides on technology neutrality, SCRIPT-ed, 4 (3) (2007), pp. 263-284
M. Rix, Australia and the ‘war against terrorism’: terrorism, national security and human rights, [chapter 8], K. Michael, M.G. Michael (Eds.), The second workshop on the social implications of national security (from Dataveillance to Uberveillance and the Realpolitik of the Transparent Society), University of Wollongong, IP Location-Based Services Research Program (Faculty of Informatics) and Centre for Transnational Crime Prevention (Faculty of Law), Wollongong, Australia (2007), pp. 97-112
S. Rodrick, Accessing telecommunications data for national security and law enforcement purposes, Federal Law Review, 37 (2009), pp. 375-415
G.D. Smith, Private eyes are watching you: with the implementation of the E-911 mandate, who will watch every move you make? Federal Communications Law Journal, 58 (2006), pp. 705-726
G.J. Stigler, The theory of economic regulation, The Bell Journal of Economics and Management Science, 2 (1971), pp. 3-21
Surveillance Devices Act 2004 (Cth). Commonwealth of Australia; 2 February 2012. http://www.comlaw.gov.au/Details/C2011C00646/Download.
D. Svantesson, A legal method for solving issues of internet regulation, International Journal of Law and Information Technology, 19 (3) (2011), pp. 243-263
I. Székely, M.D. Szabó, B. Vissy, Regulating the future? Law, ethics, and emerging technologies, Journal of Information, Communication & Ethics in Society, 9 (3) (2011), pp. 180-194
Telecommunications (Interception and Access) Act 1979 (Cth). Commonwealth of Australia; 2 February 2012. http://www.comlaw.gov.au/Details/C2012C00081/Download.
(Cth)Telecommunications Act 1997 (Cth). Commonwealth of Australia; 2 February 2012. http://www.comlaw.gov.au/Details/C2012C00084/Download.
The ASIO Legislation Amendment Act 2003 (Cth). Commonwealth of Australia; 2 February 2012. http://www.comlaw.gov.au/Details/C2004A01228/Download.
The Australian Security Intelligence Organisation Act 1979 (Cth). Commonwealth of Australia; 2 February 2012. http://www.comlaw.gov.au/Details/C2011C00585/Download.
VLRC, Surveillance in public places consultation paper, Victorian Law Reform Commission, Melbourne (2009), http://www.lawreform.vic.gov.au/projects/surveillance-public-places/surveillance-public-places-consultation-paper
VLRC Surveillance in public places, Final report 18, Victorian Law Reform Commission, Melbourne (2010), http://www.lawreform.vic.gov.au/projects/surveillance-public-places/surveillance-public-places-final-report
H. Xu, H.H. Teo, B.Y.C. Tan, R. Agarwal, The role of push–pull technology in privacy calculus: the case of location-based services, Journal of Management Information Systems, 26 (3) (2009), pp. 135-173
Keywords: Location-based services, Regulation, Legislation, Law, Self-regulation, Co-regulation, Industry guidelines, Privacy, Australia
Citation: Roba Abbas, Katina Michael, M.G. Michael, Rob Nicholls, Sketching and validating the location-based services (LBS) regulatory framework in Australia, Computer Law & Security Review, Vol. 29, No. 5, October 2013, pp. 576-589, DOI: https://doi.org/10.1016/j.clsr.2013.07.014