Ultra-Wideband (UWB) technology became unregulated within the EU in 2007. Most recently, it was integrated into mobile phones in 2019, notably Apply and Samsung adding it to all their newer models. While UWB is characterised as a radio technology with any signal above 500 MHz, it operates within the 6-9 GHz
range in mobile phones. This allows for fast data rate, low power secure
communication, multipath facilities and accurate localization. While the integration of UWB is mostly advantageous to users and innovators, its ability of accurate localisation may lead to severe privacy concerns

The aim of the thesis is to understand the privacy concerns of UWB’s integration into mobile phones by answering the main research question: how do experts and users perceive privacy concerns of UWB usage in mobile phones; and how can they be mitigated? It was subsequently broken down into three sub-research
questions: 1. What are the possible applications of UWB in mobile phones? Phones have other incumbent radio technology embedded such as Bluetooth (BLE) and Wi-Fi, however it seems like UWB is being integrated to serve additional purposes. The answer to this question seeks to understand from gray and research literature how UWB can be used in mobile phones and what advantage it gives over incumbent technology. Research shows UWB gives phones the ability for indoor navigation, gesture-based control, foot traffic analysis for smart retail, teleconference systems, proximity-based localization, key-less entry among others.

This leads to research question 2. What are the potential privacy concerns associated with UWB? The incorporation of new technology capable of accurate localization leads to privacy concerns. All privacy issues were categorised on the basis of three paradigms: social, surveillance and institutional mentioned in Gurses and Diaz, 2013. This was initially done by interviewing experts from the three groups of privacy experts, policy regulators and technology experts. Analysis of their answers showed that UWB privacy concerns seem relatively similar to BLE and Wi-Fi localization, albeit with higher granularity. UWB allows mobile phones companies, third parties and governments track people accurately indoors, push advertisements depending on location, obtain relative relationships between people based on distance leaving people with no place to hide. Subsequently, user interviews were carried out to see if they could identify the same concerns of UWB. Results showed that that from the data of users interviewed, all of them believed that accurate data
localization of people is crossing a line that users cannot push back on. A majority of them saw most of the same privacy issues as the experts showing that, as people get more adept with technology they understand
how it can affect their privacy. A common question that was asked across all the interviews was how can we protect our privacy in the face of such penetrating innovation as time lapses.

Which is the final sub-research question: 3. What are technical and societal approaches to address privacy concerns? Experts provided solutions that were more industry oriented which included decoupling UWBfrom other location-based services, provision of opt-out settings on a more prominent basis, reworking license agreements, industry wide discussion and self-regulation in terms of privacy. However, users gave answers that were more user-centric and gave more control to the common public. This included users neggotiating their own privacy agreements, compensation models for loss of privacy, a more holistic regulation process and finally, trying to break the control of big tech companies. This shows that users and experts have very similar understanding of privacy issues but very different views on how privacy should be protected. Perhaps, it may be time for regulators to pay heed to user suggestions. These suggestions were then compared with privacy mitigation strategies mentioned in literature. Notably, the most overarching concept that needs to be incorporated is the concept of Privacy-by-design which can then be broken down into technical and societal strategies. Technical approaches included concepts such as obfuscation, k-anonymiser, differential privacy, dummy localization and access control mechanisms. All the technical strategies seemingly had the same issue of requiring third-party applications to function. Sophisticated security measures and privacy statements would then be needed to ensure these companies do not choose monetary gain over user privacy. Societal approaches included concepts of data-for-all, technical regulatory bodies and finally, breaking up of big tech companies. As time passes and innovations become more pervasive, it may be too late to incorporate privacy protection actively. The time to protect privacy is now.