Why were Apple consumers never affirmatively informed of the collection and retention of their location data in this manner? Why did Apple not seek affirmative consent before doing so?
-Al Franken (D-Minn)
Collecting, storing and disclosing a consumer's location for commercial purposes without their express permission is unacceptable and would violate current law. That's why I am requesting responses to these questions to better understand Apple’s data collection and storage policies to make certain sensitive information can't be left behind for others to follow.
-Edward Markey (D-Mass)
It seems surprising that a large company like Apple wouldn't have tried to get consent from users to collect this location information, especially since it's so trivial to include it in the EULA which everyone agrees to anyway.
Oh, wait... (from the iPhone EULA, updated 5/8/09, available here)
(b)Location Data . Apple and its partners and licensees may provide certain services through your iPhone that rely upon location information. To provide these services, where available, Apple and its partners and licensees may transmit, collect, maintain, process and use your location data, including the real-time geographic location of your iPhone. The location data collected by Apple is collected in a form that does not personally identify you and may be used by Apple and its partners and licensees to provide location-based products and services. By using any location-based services on your iPhone, you agree and consent to Apple's and its partners' and licensees' transmission, collection, maintenance, processing and use of your location data to provide such products and services. You may withdraw this consent at any time by not using the location-based features or by turning off the Location Services setting on your iPhone. Not using these features will not impact the non location-based functionality of your iPhone. When using third party applications or services on the iPhone that use or provide locaiton data, you are subject to and should review such third party's terms and privacy policy on use of location data by such third party applications or services.
(emphasis in original)
I wonder how many of those Senators read the EULA before pontificating about Apple not getting consent for collecting location data. I wonder how many consumers who have privacy concerns about their location actually read the EULA before agreeing to it. My guess is that the answer to both questions is none. That isn't to say that there isn't a real problem. After all, I think there is a big conflict between EULAs and privacy, and that that conflict is a matter of significant public concern.
But unless there's more to the story than is currently being reported, the problem isn't that people's privacy rights have been violated, it's that they were inadvertently thrown away.