We’re in an incredibly exciting time in the location space, and in a critical moment for setting a course for this technology that avoids pitfalls and maximizes the potential for human benefit.
We’re approaching an inflection point in both technological advancement and market demand. Technologies such as 5G and edge computing are promising better positioning accuracy and faster data processing. More industries and companies are relying on location to answer critical questions, from where to open a new retail location, to how to predict real estate prices using traffic, to where your friends are and what the pulse of your city is.
Our lives and the ways in which we engage with the world are inherently local, and the more we can connect our digital lives to the real world, the more we can build personalized, engaging experiences that uncover new insights.
At Mapbox, this means 2019 will see continued investment into industries such as Social, Automotive, Augmented Reality, and Business Intelligence, working with partners from Samsung, to Porsche, to Facebook, and Uber as we continue to push the boundaries of innovation across location.
However, as a location data platform for developers, Mapbox takes seriously its guiding role in thinking about future product development: we need to keep in mind both the interests of businesses looking to harness location and the interests of their end users. As consumers increasingly demand more ethical data collection from the products they use every day, it’s more important than ever to maintain our orientation toward our north star of privacy for our customers and users. Location data is personal and sensitive, so it’s important that questions about user privacy continue to be debated, discussed and scaled as the location industry grows. Getting this right is crucial to making sure location moves in the right direction, and to avoiding some of the mistakes we’re seeing today in tech.
What Data We Collect and Why
Device-collected location data is critical to constantly improving the mapping products we depend on every day. Mapbox SDKs collect encrypted, anonymous, and aggregated data about the map and device location so that we can help developers build better location-based applications. Anonymous sensor data helps find missing roads, determine road speeds and traffic, and classify biking and walking transit routes in cities. This data contributes to a better map of our world for users.
Minimal viable data footprint
We start by collecting only the minimal amount of data needed to improve our products. Nothing more. This includes information such as latitude, longitude, and elevation, and we intentionally do not collect information that is personally identifiable. We specifically do not record advertising identifiers (IDFA on iOS, AAID on Android), so the data cannot be employed for advertising.
Encryption, Anonymization, and Aggregation
For the data that we do collect, we segment trips into 2-3 minute long traces, discarding the beginning and end of each trace, as well as data that looks like it’s from residential dwellings. This leaves us with many short segments that we then only use in the aggregate, meaning the resulting data is useful for detecting traffic conditions, but useless for identifying individuals.
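The segmentation and aggregate-only use described above, as an added sketch that is not Mapbox's code: the trim length, the grid size, the three-trace publication threshold and all function names are assumptions, the sample trips are constructed, and the residential filter is left out because the post does not say how it is detected.

```python
import random
from collections import defaultdict

MIN_S, MAX_S = 120, 180  # the post's "2-3 minute long traces"
TRIM_S = 15              # assumption: seconds dropped at each end of a trace
K_MIN = 3                # assumption: traces needed before a cell is published

def segment_trip(points, rng):
    """Cut one time-sorted trip [(t, lat, lon, speed), ...] into trimmed traces."""
    traces, i = [], 0
    while i < len(points):
        start = points[i][0]
        limit = start + rng.uniform(MIN_S, MAX_S)
        chunk = [p for p in points[i:] if p[0] < limit]
        i += len(chunk)
        end = chunk[-1][0]
        # Drop the head and tail of the trace so origin and destination never survive.
        kept = [p for p in chunk if start + TRIM_S <= p[0] <= end - TRIM_S]
        if kept:
            traces.append(kept)
    return traces

def pool_traces(trips, rng):
    """Segment every trip, then pool and shuffle: no trace keeps a trip or device id."""
    pooled = [tr for trip in trips for tr in segment_trip(trip, rng)]
    rng.shuffle(pooled)
    return pooled

def aggregate_speeds(traces, k_min=K_MIN):
    """Mean speed per ~100 m grid cell, published only if k_min traces contributed."""
    cells = defaultdict(lambda: (set(), []))
    for trace_no, trace in enumerate(traces):
        for _, lat, lon, speed in trace:
            ids, speeds = cells[(round(lat, 3), round(lon, 3))]
            ids.add(trace_no)
            speeds.append(speed)
    return {c: sum(s) / len(s) for c, (ids, s) in cells.items() if len(ids) >= k_min}

def make_trip(lat0, lon0, seconds=600):
    """Constructed sample: one point per second heading north at roughly 10 m/s."""
    return [(t, lat0 + t * 1e-4, lon0, 10.0) for t in range(seconds)]

if __name__ == "__main__":
    rng = random.Random(0)
    busy = [make_trip(38.0, -77.0) for _ in range(4)]  # four devices, same road
    quiet = [make_trip(39.0, -77.0)]                   # one device, alone on its road
    published = aggregate_speeds(pool_traces(busy + quiet, rng))
    print(len(published), "cells published")
```

The road driven by a single device produces no published cells, which is the property that makes the aggregate useful for traffic but not for following one person.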
We also ensure all data collected is double encrypted, both as it’s transmitted and also when it’s stored. We ensure this is done using widely adopted libraries that have been independently audited for security.
Honest Data Collection and Consumer Opt-out
Trust is at the forefront of conversations related to user privacy and users should feel they can trust the application developers and 3rd party services that collect their data. We believe that the reason for collecting user location data should be disclosed in a clear and unambiguous way to those providing that location information. This allows users to make informed decisions about whether to opt in or out of data collection, and developers who use Mapbox SDKs are required to provide their users with the ability to opt out of location collection.
We also believe that companies should provide value to their end users for the location data they collect. This is why Mapbox maintains a minimal viable data footprint when it comes to the data we collect, only collecting the data we need to improve our and users’ products.
Implementing the principle of least privilege – where staff are given access only to the resources they need to carry out their roles – is a priority for any world-class security team. Having a security team in place is a prerequisite to handling location data responsibly. Carefully designed access control limits risk. We carry the principle of least privilege through our onboarding and offboarding processes, and include instrumentation to deter unexpected attempts at access or privilege escalation. We believe this type of risk-management process will be increasingly adopted by more companies using location data in 2019.
How data is used matters just as much as how it’s collected, and the future of location promises exciting use cases, as long as companies continue to prioritize building with empathy, preventing misuse, and adding value for customers, end users, and the world.