Law professor and privacy scholar Susan Landau writes:
…. Following the spirit of consumer protection laws such as those requiring that cars must have seatbelts, we urge that, with narrow exceptions, regulations or legislation limit the uses of metadata and telemetry information to the purposes for which they were designed: delivery of content and better user experience on the device (or, in the case of augmented reality or virtual reality, for only those purposes off the device). We recommend allowing use for investigating fraud, ensuring security, including device and user identification (for security purposes only), and modeling to understand future business needs; these purposes are analogous to the business purposes to which AT&T put metadata in the pre-1990s age. Then allow two more purposes. First, for a limited period during a public health emergency, we recommend the use of data to provide information on public movement in aggregate. We also recommend allowing such information to be used for public or peer-reviewed research projects in the public interest such as for urban planning, including appropriate de-identification methods so that personal information is not exposed.
Read the entire piece on Lawfare. An expanded version of this article is now available in the Colorado Technology Law Journal as “Reversing Privacy Risks: Strict Limitations on the Use of Communications Metadata and Telemetry Information.”
h/t, Joe Cadillic