Guidelines for public administrations on location privacy: European Union Location Framework

Abstract

Public administrations increasingly use location data to deliver public services such as location-enabled tools, apps for tourists, toll collection services or cadastral web applications. Location data such as addresses, GPS coordinates or camera images is key to many public services and can also be linked to all sorts of other data, generating new information that was not available before. Despite the increase consumption of location data, its potential to reveal personal information is often underestimated, especially in comparison to other sensitive data, for instance in the financial and health domains. Location data not only says where an individual is, it also says who he/she is and what his/her interests and preferences are. Therefore, location data privacy is of paramount importance for public administrations dealing with location data. While location data privacy has many aspects in common with general data protection principles, it also has unique characteristics that require specific guidance. The goal of this guideline is therefore twofold: to outline the key obligations that public administrations should comply with when handling personal location data and raising awareness about the importance of location data privacy, highlighting key implications and risks associated with the processing of location data. It does so by guiding the reader through concrete scenarios that public administrations might face when processing personal location data and provides a set of effective and practical recommendations that can help ensuring the adequate protection of personal location data.