Mobile phone data has already been used to predict population displacement in crises, and there are a range of other potential applications for humanitarian organisations. However, using this data comes with risks. The Oxford Internet Institute’s Ethical Privacy Guidelines for Mobile Connectivity Measurements aim to help researchers using mobile phone data ‘navigate the challenges of preserving the privacy of data subjects, publishing and disseminating datasets, while adhering to and advancing good scientific practice’.
It identifies 5 types of mobile data and outlines privacy risks for each:
- IMEI number (the serial number of a phone) – can identify a user when used with auxiliary data (such as billing information).
- Current IP address – if internet service providers’ address logs uniquely identify devices, IP addresses can make a data subject identifiable.
- Name of carrier – in countries where mobile carriers have relatively few subscribers, the name of a less common carrier could allow a subject to be identified in combination with other data.
- Battery level – it is possible for the rate of decay of a device’s battery power to be used to identify a device (though this would require significant analysis).
- Location – both GPS location and triangulating a phone’s position in relation to phone towers can be used to identify a person’s location and a series of locations through which they have moved over time.
From the OII’s blog on the guidelines:
we cannot envisage how political contexts will change in the future. Future malevolent governments, even in Europe or the US, could easily use datasets containing sensitive information to harm or control specific groups of society. One only need look at the changing political landscape in Hungary to see how specific groups are suddenly targeted in what we thought was becoming a country that adheres to Western values.