Starting at the most granular, or hyper‑local, is a smartphone, your typical Android or iPhone. You have a hyper‑local request on that phone. This is the pop-up which says, “Will you share your location?” That can be incredibly granular, so you can get down to city blocks and sometimes better. Sometimes it’s not so good, but really, that’s the best data for us to use. That can come from the mobile web as well as a mobile app.
Also, from here, zip code can be captured in different ways. For example, triangulation, takes the hyper‑local request and changes it to zip code. Also, if a mobile ad impression comes in and it has an IP that lets me know that they’re on wireless, I can take the IP address of that wireless and turn that into location using Geo IP – which brings us to the second piece of location-based advertising – online location. This is, historically, Geo IP, which was DMA-based and has slowly gotten better. Some people are claiming zip code [level accuracy], some people are claiming better.
A few privacy and policy implications:
- Apple and Android have already established user expectations about consent. Location-based services in the operating system provide very precise location information, but only through a user-consent framework built-in to the OS. This creates a baseline user expectation about consent for precise location targeting.
- Zip-code should be the consent threshold. IP addresses can provide zip code location, even without an independent user consent (this has been in use for some time on traditional websites and ads). As Geo-IP targeting improves beyond zip-code granularity (based on IP-address alone), users will rightly expect to provide consent before the collection and use of that data. This is consistent with self-regulatory principles such as the NAI code, which deems “precise real time geographic location” as sensitive information requiring prior user consent. To avoid ambiguity, self-regulatory organizations should make the definition perfectly clear in their written guidelines.
- “Do Not Track” must address location, too. For the purposes of Do-Not-Track, does Geo-IP location targeting need to be turned off if a user has made the election? Given the consent framework already in place, there’s little doubt that this is what the average user would expect.