Geolocation is an increasingly popular Internet feature with many benefits. With geolocation, you can let your friends know where you are, locate places like restaurants or gas stations nearby, or find out location-specific information like weather and directions. There are many popular websites and apps that encourage users to share their location, such as Twitter, Facebook, Foursquare, Gowalla, and Loopt. Geolocation is usually used on mobile phones with Internet connections, which use GPS technology to calculate a user’s position as he or she travels from place to place.

It is expected that over the course of the next few years, consumers will use their mobile phones to browse the Internet more frequently than using their computers. In addition, mobile phones hold a significant amount of personal information about the user, such as phone contacts and unique device identifiers, and they typically use mobile “apps” in place of a browser for Internet use. Users can’t opt-out or delete cookies as they might be able to do on a regular computer; tracking happens on mobile phones whether we like it or not.

In December 2010, the Wall Street Journal examined 101 popular apps and reported that many of those apps were sending user information to third-party advertisers: of the 101, 56 apps transmitted unique phone IDs, 47 apps transmitted the users’ location, and five apps sent the age, gender and other personal information. Mobile apps aren’t required to have privacy policies, so it is easy to get away with a lot of data sharing. It is clear that including geolocation is essential when creating a universal privacy policy.

We have recently been reporting on the draft of Do Not Track (DNT) standards from the W3C Tracking Protection Working Group. In this draft, the Group surprisingly does not place tracking limits on geolocation technologies by third parties. Many users understandably are not comfortable with personal location tracking, and we believe that consumers should be given the choice to block the collection and transmission of geolocation when they submit a Do Not Track request.

As for mobile phones, Mozilla Firefox is currently the only browser that supports Do Not Track on mobile devices. However, this only works on Android phones, and does not work on downloaded mobile apps. A universal Do Not Track request should function on mobile devices the same way it functions on fixed Internet devices, and it should also be configured to work for mobile apps. We encourage the Tracking Protection Working Group to address this issue clearly and comprehensively in their standards.