In the final part of this series, we discuss the key regulatory issues concerning the collection, processing and usage of geolocation data. Starting with the definition of geolocation data as ‘personal data’, we draw attention to several cautionary tales of data misappropriation or privacy leakage, before discussing best practices according to GDPR, as well as the logistical and legal challenges associated with data anonymization. We also draw attention to several future policy developments, which should be on the radar of any informed user of geolocation data.

Part 1: Location data types
Part 2: POIs and geofencing
Part 3: Regulatory trends

Friendly PSA: the following information is intended as a general primer on location intelligence. If you are already a sophisticated user of this data (or are even just passably familiar with it) then there is a chance that you will not learn anything new here.

The Privacy Paradox

The privacy paradox is a social phenomenon used to describe the contradictory desire of today’s internet users to be remembered and yet also to be forgotten. In other words, whilst the number of social media users has now risen to 3.2 billion – all producing and consuming personal content to varying degrees – individuals and governments alike are increasingly concerned with the safeguarding of personal privacy.

The same dilemma can be perceived in our relationship with location data. Many of us are indebted to the convenience afforded by Google Maps, but still feel an Orwellian sense of unease when browsing through the details of our own Location History.

Although legal definitions may vary between jurisdictions, the most robust regulatory frameworks in place today (read: GDPR) assert that geolocation data must be classified as personal data. This is understandable, considering that even in the absence of a person’s name and address, mobility records constitute an open door to extremely sensitive personal information