Policy controlling messages sent, location based services rendered, retention, and transfer of location data This policy defines obligations and rules for some aspects of a location based service. (1) It allows messages to be sent to a user as well as customized maps (2) It allows transfer of location information about the user provided that (1) only city-level accurate information is given and (2) that the company receiving the data has a privacy policy that is compliant with the provider company (3)It allows location information to be stored by the company for 24 hours at most (4) It obligates the provider to give customers full access to all data stored about them. LBS Company Penn Security Lab lbs@upenn.edu

200 South 33rd Street, Philadelphia, PA 19104

USA http://www.lbs.example.com The location information must only be of city level granularity. That means that the information for all fields of finer grain than city must be left blank "" "" "" "" "" "" Deliver content and data to the user Allows the delivery of content and data to the user as per the contract Send an advertising message Allows the sending of advertising messages if the user has opted in Send customer service notice Allows the sending of customer service information Transfer location information Allows the transfer of location information by a managero only if the data is reduced to city-level accuracy and the receiving company has a policy that has been checked --> Retention for only 24 hours Allows the retention of data only for 24 hours, after which data must be destroyed