Menu
Google Maps for iPhone violates European data protection law, German watchdog says

Google Maps for iPhone violates European data protection law, German watchdog says

The issue is that the option to share location data is on by default, says the Independent Centre for Privacy Protection Schleswig-Holstein

When users install Google Maps on their iPhone, the option to share location data with Google is switched on by default. By doing this, Google violates European data protection law, according to a German data protection watchdog.

Google Maps for iPhone appeared in the App Store on Wednesday and was welcomed by many after Apple stumbled with its own maps application. Google Maps quickly became the most popular free app in the App Store.

When the app is downloaded, Google prompts users to accept its terms of service and privacy policy in the startup screen. On the same screen, the Maps app warns users that they are about to share their location data with Google. "Help us improve Google, including traffic and other services. Anonymous location data will be collected by Google's location service and sent to Google, and may be stored on your device," Google tells users.

However, the option box next to the text is switched on by default, which isn't allowed by European data protection law, said Marit Hansen, deputy privacy and information commissioner at the Independent Centre for Privacy Protection Schleswig-Holstein, Germany, in an email.

She said Google's definition of "anonymous" doesn't guarantee users complete anonymity. "All available information points to having linkable identifiers per user," which would allow Google to track several location entries, she said.

"This is clearly not anonymous," she said, adding that she had to assume that Google's "anonymous location data" is still "personal data" under European data protection law.

When a company wants to process personal data, users have to give informed consent instead of opting out, she said. "So I conclude that the current implementation is not compliant with current European data protection law, even if Google now offers an opt-out possibility," Hansen said.

In January, the Dutch Data Protection Authority (CBP) ruled that navigation service TomTom could only gather and process anonymous geolocation data it uses to map traffic after prior consent is given by the user, "because geolocation data are sensitive personal data." According to the CBP, TomTom could use the location data to deduce where someone supposedly lives.

"Such data are therefore to be regarded as personal data. When Google collects such data about routes traveled, it collects personal data for which consent must be obtained," Mark Jansen, a lawyer who specializes on IT issues, told IDG News Service partner Webwereld.

"The only basis for this processing seems to be consent. That means at a minimum that a pre-ticked box is not sufficient," he said.

This kind of data processing is also being discussed on a European level by the Article 29 Working Party, which is made up of data protection commissioners from each European Union member states, Hansen said. Her organization is part of the group, which she expects will discuss the issue further. She hopes that non-European users will also "question the behavior of companies that do not inform users properly and prefer opt-out over opt-in."

A Google spokesman could not immediately comment on Hansen's findings, but referred to a page where the company states that "Google does not know who you are when you use the My Location (beta) feature in Google Maps for mobile."

"The collection of location information is done only with the consent of users," the Google spokesman told Webwereld regarding the Dutch findings, adding that users can choose to switch this off at any time.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Tags telecommunicationapplicationsGoogleiossecuritylegalMobile OSesmobileprivacyApple

Upcoming

Slideshows

IN PICTURES: VMworld 2015 Asia-Pacific and Japan party (+ 32 photos)

IN PICTURES: VMworld 2015 Asia-Pacific and Japan party (+ 32 photos)

VMware recently held an Asia-Pacific and Japan party for its partners in San Francisco following two days of keynotes and sessions. Whilst mingling and enjoying drinks and finger food, the partners were joined by VMware management who also took the opportunity to let their hair down to have some fun.

IN PICTURES: VMworld 2015 Asia-Pacific and Japan party (+ 32 photos)
IN PICTURES: VMworld 2015 sponsor and partner showcase (+41 photos)

IN PICTURES: VMworld 2015 sponsor and partner showcase (+41 photos)

VMware's sponsors and partners used the opportunity at VMworld 2015 to showcase some of their technologies. At an exhibition hall, these vendors educated those that popped by their stands on these solutions and addressed some of the issues surrounding mobility, datacentres, and the Cloud. SOme of the big names there included f5, Palo Alto Networks, HP, Intel, Samsung, and Symantec.

IN PICTURES: VMworld 2015 sponsor and partner showcase (+41 photos)
IN PICTURES: VMware's VMworld 2015 day 1 (+13 photos)

IN PICTURES: VMware's VMworld 2015 day 1 (+13 photos)

VMware has kicked off VMworld 2015 in San Francisco and the first day saw keynotes from its president and CEO, Carl Eschenbach; executive vice-president and general manager, Bill Fathers; and executive vice-president and general manager of SDDC, Raghu Raghuram; amongst others. VMware also made Cloud-related announcements and demonstrated its latest technology.

IN PICTURES: VMware's VMworld 2015 day 1 (+13 photos)

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments