EU Officials’ Location Data For Sale
Journalists in Europe have revealed that it is surprisingly easy to track top European Union officials through commercially available location data sold by data brokers. Despite Europe’s strong data protection framework under the General Data Protection Regulation (GDPR), location histories from millions of mobile phones were accessed, including those of high-level EU officials. The data was obtained as a free sample from a broker and contained 278 million location points from phones primarily in Belgium.
This location data is collected by everyday apps installed on users’ phones and then sold to data brokers. These brokers subsequently sell the information to various clients, including governments and military organizations. The dataset included detailed location histories of officials working directly for the European Commission in Brussels, as well as hundreds of devices used by people in sensitive EU roles. Reporters identified 2,000 location points from 264 officials and approximately 5,800 points from over 750 devices linked to the European Parliament.
Although GDPR is designed to protect personal data, enforcement against data brokers has been slow across Europe. The data brokering industry has grown into a billion-euro business, trading in location data and other private information. To help mitigate tracking risks, Apple users can anonymize their device identifiers, and Android users can reset their device identifiers regularly.
Concerns over location data privacy have increased following incidents such as the breach of Gravy Analytics, a data broker that exposed location data of tens of millions of people. This breach highlighted how location records can be used to track individuals’ movements extensively. EU officials have issued new guidance to staff to better protect their location data and counter unauthorized tracking.
