Public administrations increasingly use location data to deliver public services, including location-enabled tools, apps for tourists, toll collection services and cadastral web applications.
Location data, such as addresses, GPS coordinates or camera images, is key to many public services and can also be linked to all sorts of other data, generating new information that was not available before.
Despite the increased consumption of location data, its potential to reveal personal information is often underestimated, especially in comparison to other sensitive data, for instance in the financial and health domains.
Location data not only say where an individual is, but it also says who he/she is and what his/her interests and preferences are. Therefore, location data privacy is of paramount importance for public administrations.
While location data privacy has many aspects in common with general data protection principles, it also has unique characteristics that require specific consideration.
The goal of this guidance document is therefore twofold:
- to outline the key obligations that public administrations should comply with when handling personal location data
- and raising awareness about the importance of location data privacy, highlighting key implications and risks associated with the processing of location data. It does so by guiding the reader through concrete scenarios that public administrations might face when processing personal location data and provides a set of effective and practical recommendations that can help ensure the adequate protection of personal location data.
The guidance has been updated following the introduction of GDPR, taking into account market research in the location industry of the impact of GDPR.
The updated document includes new models and concepts as well as using examples throughout to illustrate changes and potential approaches. It is a guide to practitioners and while touching on the key relevant parts of GDPR, it is not a legal document or legal advice.