|
By Daniel
R. Sovocool
Thelen LLP
In
the last two years, many companies have announced that they
are developing navigation, information and emergency products
and services for in-vehicle use. Companies such as General
Motors, Mercedes Benz (Daimler Chrysler), Lincoln and Jaguar
(Ford), Infiniti (Nissan), Toyota, Honda, Mazda, Renault,
Fiat, Peugeot and BMW have committed to providing telematics
systems in their vehicles, either as an option or as a standard
feature. Device manufacturers such as Palm recently have
entered the market. There are many other players in the
telematics industry, ranging from telematics service providers
(TSPs) such as GM OnStar, ATX Technologies, Response and
Wingcast to wireless carriers, hardware suppliers and location-based
content originators. Most see telematics systems as a viable
way to extract recurring revenue streams, increase brand
awareness and better manage customer relations.
According
to a recent analysis by UBS Warburg, the telematics industry
is poised for rapid expansion with advances in 3G broadband
wireless, among other technological innovations. UBS Warburg
forecasts that worldwide end-user telematics revenues will
rise to about $24 billion by 2005 and to $47 billion by
2010, with 71 percent of revenues in the form of recurring
service revenue. 1/
There
are many legal issues associated with the developing telematics
industry, ranging from properly developing strategic alliances
to protecting intellectual property. This paper addresses
two key consumer issues: driver distraction and location
privacy.
I. DRIVER DISTRACTION
Traditionally,
driver distraction issues have arisen in the context of
cell phone usage in vehicles. Several studies have found
a significant connection between cell phone usage while
driving and accidents. On the other hand, a study by the
Harvard Center for Risk Analysis (commissioned by AT&T
Wireless) found that the risks posed by using cell phones
while driving are small.
More
recently, the concept of driver distraction has extended
to in-vehicle devices such as navigation systems, information
systems (that provide e-mail, stock quotes and the like)
and "infotainment" systems. The National Highway
Traffic Safety Administration has taken the position that
the additional cognitive demands of navigation systems,
information systems and the like while driving are substantial.
On the other hand, many in the industry believe that the
cognitive demands of using some of these systems are considerably
less than the demands associated with the alternative, such
as locating, reading and interpreting paper maps while driving.
Many
companies intend to use a voice interface to reduce the
level of distraction caused by these systems. While voice
interfaces will help, they are not a complete solution.
NHTSA recently conducted research using a car-following
task to evaluate how a speech-based e-mail system affects
drivers' responses to a periodically braking lead vehicle.
A
baseline condition with no e-mail system was compared to
a simple and to a complex e-mail system in both simple and
complex driving environments. The results showed a 30 percent
increase in reaction time when the speech-based system was
present. NHTSA also found that subjective workload ratings
also indicated that speech-based interaction introduces
a significant cognitive load, which was highest for the
complex e-mail system. It is likely that these findings
will become less relevant as voice interface systems become
more "intelligent" and less intrusive.
In
addition to a voice interface, some in the industry are
exploring simplifying the human-machine interface while
others are examining technical limitations such as disabling
cell phone ringing while the vehicle is moving, providing
navigation directions one at a time and storing turn-by-turn
directions for subsequent playback. GM recently committed
to spending $10 million to study the issue and possible
solutions. It remains to be seen how effective these solutions
will be.
While
the companies providing these systems need to be aware of
the possibility of product liability lawsuits, as a practical
matter the greatest risk they face may be devoting significant
resources to designing and offering a product that is restricted
in use or that lacks consumer demand because the public
perceives it as unsafe.
There
are no federal laws addressing driver distraction. On the
state and local level, however, considerable attention has
been directed toward regulating cell phone use while driving.
No state has yet banned cell phone use while driving, and
only three states have placed any form of restriction on
cell phone use. In 37 states, however, lawmakers have introduced
approximately 100 bills to ban or limit cell phone usage
while driving. Other states are likely to join the fray
shortly. A few municipalities have passed outright bans,
and several others are considering bans. Michigan, Oklahoma,
Minnesota and Pennsylvania require that police collect information
on cell phone usage on accident reports, and other states
likely will follow. Outside the United States, several countries,
including Japan, Britain, Spain, Brazil and Switzerland,
ban or restrict cell phone use while driving.
II. LOCATION INFORMATION AND PRIVACY
The
increasing market interest in wireless location services
has been accompanied by heightened consumer concern about
how location information derived from providing these services
is used. When combined with location technologies, wireless
telecommunications can give carriers, TSPs and others information
about the physical locations of their subscribers. Numerous
misconceptions surround the legality of using this information
for internal and external marketing and other purposes.
Although
this issue has arisen more directly in the context of wireless
cell phones (which must have location capabilities per Federal
Communications Commission mandate by October 2001), the
issue also arises in the context of telematics services,
many of which are based on knowing the location of the end-user.
As consumers and watchdog groups have become aware that
these services give providers access to location information,
a number of concerns have arisen. Chief among these is that
"someone" (such as the TSP, hackers or the government)
constantly will be monitoring the subscriber's location.
2/ Another concern is that providers will sell
or otherwise disclose location information for marketing
purposes, resulting in spam advertisements. A third concern
is that location information will be made available for
use against the subscriber in subsequent civil litigation
and criminal proceedings. Given these concerns, providers
need to be prepared to respond to inquiries regarding what
information is developed, who has access to it, how long
it is retained and how securely it is kept.
| A. | Three Myths About Location Privacy |
There
are three key myths regarding the privacy of location information.
The first myth is that providers "own" the location
information and can do whatever they want with it. In fact,
this is far from true, particularly for carriers. The second
myth is that it is illegal to disclose location information
without the customer's affirmative (opt-in) consent. This
also is inaccurate. The third myth is that user consent
(or user control of location disclosure to the provider)
will eliminate all practical privacy problems.
Despite
the varying perspectives on how information can be used,
all agree that the privacy of location information is an
important issue. As a business matter, customer trust is
critical. The conventional wisdom is that consumers will
provide information if they receive adequate value and are
confident about how it will be used but will punish any
company that inadequately protects their privacy. From a
risk management perspective, providers must avoid deceiving
consumers about how location information will be used or
otherwise face deceptive practices lawsuits. Finally, recent
media attention to the topic has created a popular sensitivity
to privacy matters, a sentiment that could snowball into
a more comprehensive regulatory regime.
| B. | The Current State of Location Privacy Law |
Determining
the legal status of location information is particularly
challenging because many of the technologies underlying
telematics are on the cutting edge, and courts have not
had an opportunity to decide the resulting privacy issues.
Some
guidance on location privacy issues can be derived from
the statutes applicable to telephone carriers. In October
1999, Congress enacted the Wireless Communications and Public
Safety Act of 1999, which amended the Telecommunications
Act of 1996 and declared location information derived by
telecommunications carriers from telecommunications services
to be "customer proprietary network information."
The wireless act requires that location information, as
customer proprietary information, must be disclosed to anyone
the customer designates by written consent but does not
explain how, when or at what cost this information must
be made available. 3/
The
wireless act also provides that except to provide the telecommunications
service from which it is derived and except for services
necessary to or used in the provision of such telecommunications
services, "location CPNI" (as opposed to all other
CPNI) cannot be disclosed without "express prior authorization."
This rule is not limited only to location information derived
from 911 calls. There are a few exceptions to this prohibition,
including disclosures for the purpose of rendering bills,
protecting a carrier's property rights and preventing or
investigating fraud. 4/
The
new location privacy law is not as broad as it might appear.
First, it applies only to "telecommunications carriers,"
as that term is defined by law. Companies other than telecommunications
carriers are not subject to the statute. 5/
Second,
while the statute requires that carriers obtain express
prior authorization before they disclose location information,
it does not state how that authorization must be obtained.
There has been a great deal of uncertainty on this subject,
arising in part from a ruling striking down certain FCC
subscriber consent rules as unconstitutional. U.S. West
v. FCC, 182 F.3d 1224 (10th Cir. 1999), cert. denied
2000 U.S. Lexis 3811 (June 5, 2000). While Congress has
required "express prior authorization," the FCC
has not defined the type of consent required for disclosure
of location information. For the time being, it appears
that in addition to written consent in subscriber agreements,
oral and electronic consents (such as "click throughs")
are sufficient.
Third,
disclosing a subscriber's location, without prior consent,
for the sole purpose of providing a specific location-based
service requested by the subscriber is not prohibited by
the statute although good practice dictates that some form
of prior consent be obtained. On the other hand, selling
or otherwise disclosing (without consent) the location for
marketing purposes is prohibited, at least for wireless
carriers who derive the location from telephone services.
Finally,
the wireless act allows carriers to release or use aggregate
location information: collective data from which individual
customer names and other individually-identifiable characteristics
have been removed. 6/ Thus, a carrier can use
such aggregate information to develop non-individualized
profiles of consumers likely to purchase a service. 7/
Interestingly,
some in the industry (primarily wireless content originators
and aggregators) have expressed concerns that carriers will
use the privacy provisions of the wireless act to hoard
location information with the goal of creating "walled
gardens" with respect to location-based services. Whether
this strategy will be successful remains to be seen.
No
states so far have passed laws specifically addressing location
privacy. On the other hand, states traditionally have been
active in consumer protection legislation. At least nine
state constitutions contain explicit privacy guarantees
8/, and a number of others have implied privacy protections.
Many state legislatures are considering privacy bills. California,
Texas, Tennessee and Hawaii have enacted laws that prohibit
nonconsensual electronic monitoring of vehicles.
| D. | Self-Regulation and Risk Management |
Learning
from the experience of online companies, location services
companies are well-advised to practice risk management regarding
location privacy. When companies fail to adequately protect
private information as provided by their policies, consumers
may file lawsuits to challenge practices they find unacceptable.
A
good start is to develop a telematics privacy policy that
addresses four key areas: notice, choice, access and security.
First, consumers should receive notice of the information
that is collected and of provider's privacy policy. They
should be kept aware of revisions to that policy. Second,
customers should be given a choice regarding the scope of
disclosure of that information, particularly if the information
may be disclosed for purposes other than to provide the
underlying service, and a mechanism for exercising that
choice. Third, consumers should have access to their location
information. Finally, providers should develop a system
of security and maintain the location information in accordance
with that system. In implementing these policies, privacy
audits that analyze the company's approach to privacy and
provide a diagnostic examination of its practices are a
helpful tool.
If you would like to receive legal reports and updates
more quickly, by e-mail, click
here and fill out the mailing list form.
For more information about the issues covered in this report, please contact Daniel R. Sovocool in our San Francisco office at 415-369-7340 or at dsovocool@thelen.com or contact your Thelen attorney. For more information about Thelen's Construction and Government Contracts Department, click here.
ENDNOTES
1/
Worldwide Telematics Industry, UBS Warburg (August
21, 2000).
2/
In fact, most telematics services discern a subscriber's
location only when the subscriber contacts the service,
when an airbag deploys or when there is a request for stolen
vehicle recovery assistance. Most, if not all, have privacy
policies that limit the disclosure of location information
without the subscriber's consent. As for government access,
the Electronics Communications and Privacy Act of 2000 (H.R.
5018), if enacted, would limit the ability of the government
to obtain location information by requiring a higher showing
than is presently required.
3/
47 USC §222 (c) (2).
4/
47 USC §222 (d).
5/
Moreover, some in the industry claim that a wireless
carrier that derives location information from mobile Web
access, as opposed to telephony, can disclose that information
to others without first obtaining prior affirmative consent.
The FCC rules on this subject are in a state of limbo and
may be addressed in the upcoming rule-making on customer
proprietary information.
6/
47 USC §222 (f) (2).
7/
Other than the wireless act, the only other federal
laws addressing location privacy relate to the government's
right to cell location information. TSPs and others should
be familiar with these rules. They also should be familiar
with the standards required for real-time monitoring of
location.
8/
Arkansas, Arizona, California, Florida, Illinois,
Louisiana, Montana, South Carolina and West Virginia.
©2001 Thelen LLP
|
