- Key issues
What is Geolocation, how does it work, and should you be worried?
- 5 minutes
- By Vida Adamczewski
'This website would like to know your location'
What is geolocation data?
Geolocation data is information gathered about your geographical location. In other words, it refers to where you are in space. Specifically, where you are when you're using your phone or computer, which for most of us at the moment seems to be all day and everywhere.
The question is, is the fact that your phone and laptop tracks your every move a bad thing? We’ve looked into it for you.
How is geolocation data collected?
Occasionally, you might publicly share your location, dropping your pin to a friend nearby, tagging your location in a photo or even searching your postcode to find your nearest Deliveroo options. However, most geolocation data is collected instantaneously and automatically.
There are two main ways that this happens, device-based data collection and server-side data collection.
What’s device-based data collection?
This is the data that's collected by apps on your phone using GPS services and mobile networks to work out where the device is.
Device-based data can be really accurate (assuming that your phone is near you!), especially in places where there are lots of other people using mobile networks.
Unfortunately, the more accurate it is, the bigger the privacy risks are, particularly when it's combined with personal information like your name. If location services are enabled on your phone, it’s likely that it’s already collecting and sharing your geolocation data. On the other hand, because geolocation data is so sensitive, websites and apps have to ask for your permission before accessing it.
What’s server-side data collection?
This is the method of collecting geolocation data via your IP location and address, which identifies a rough estimate of where your laptop or other device is when connected to the internet.
What we call server-side data collection is a lot less accurate than device-based data. This is mainly because its accuracy depends on the Servicer that's storing and analysing the data. It’s very bad at pinning down exactly where you are, but it’s great for identifying which country you’re in.
As its scope is so broad, privacy is not considered to be as relevant, so websites don't need your permission to access your approximate location from your IP address. It’s mostly used to ensure that you can’t access content that's restricted in your country, and to ensure that the content you are viewing complies with national rules and regulations. When you get stopped from watching a foreign YouTube video or catching up on BBC iplayer when you’re abroad, it's down to your IP address exposing you.
What’s geolocation used for and what risks does it pose?
Geolocation data is really useful and works as a pillar for many apps. Simply try switching off location services on your phone and see how many apps stop working optimally. We rely on it for many day to day things, like finding the quickest route to a friend’s new house or scanning through relevant food recommendations from search engines.
When it’s useful to us, and we freely give it, geolocation data can be useful, but at what cost to our privacy?
Geotagging and metadata
If your phone camera has access to your location, it will automatically collect your location data when you take a picture, ‘geotagging’ your photographs so that you can see where they were taken. This information is embedded in the picture (specifically, in its ‘metadata’) and might be widely accessible if you post the picture online.
Geotagged pictures can be used to create compelling features on social media sites such as Flickr. Geotagged pictures allow users to search for pictures based on location, for example. However, this also means that geotagging is an additional reason to be careful when publicly sharing images.
Put simply, geotargeting is a marketing strategy. Advertisers can specify the location they want their advert to be shown in, and when your location data indicates that you are in the right place, you are automatically shown the advert. This is essentially how food delivery apps know to prompt you with restaurants that are close by, and why you seem to always get an advert for a clothes shop just as you walk by the store.
When it comes to advertising, your geolocation data is most valuable when combined with other personal information, such as your purchasing history, age, and interests.
One of the most serious risks posed by geolocation services is someone accessing your location and using it to find or stalk you, in real life. For example, if you’re a user of social media, you should be wary of making your current location public, as anyone can then see where you are. This risk is even greater for children, which is why data collectors must ensure that the geolocation data they gather is protected and secure.
How is your geolocation data protected under GDPR?
Due to its extreme sensitivity, location data is tightly regulated. Any such data must either be anonymous, or the data collector needs your consent to use it.
Services must demonstrate that collecting location data is necessary to the service that they provide. Permission is not legally required if processing location data is part of your core service, but permission is required for any additional services.
Map services for example need to know the user’s location for their core service of displaying relevant maps, although this data should be anonymised. However, they would need your express permission in order to make recommendations about nearby restaurants. Additionally, they should not collect data that is excessively precise. In this sense, if they only need to know the country you’re in, they shouldn’t be collecting the street that you’re on.
Plus, the terms and conditions for the use of your data should be outlined in a privacy notice provided by the website or service in question. It should be easy to access and read, and if anything strikes you as odd, it should be easy to query.
Disabling your geolocation and alternative ways to protect your data
As ever, the best thing you can do to protect your data is controlling who has access to it. To do this, it’s useful to discover which sites, apps and devices are collecting your location data, and what they’re doing with it.
Taking charge of your geolocation data can be pretty straightforward. Familiarising yourself with how to turn location services off on your phone or other personal devices (including smart watches) and checking which apps have permission to access location data, are simple and efficient ways to keep safe.
Although many apps can access your geolocation even when you might least expect it, all apps should allow you the option to only give them access to your location when you’re using the app. This is a particularly good feature for travel apps, maps, and other services which can’t function without your location.
It’s equally important to speak to your friends and family about protecting your geolocation data. If someone tags you in a photo of theirs, and they include the location of the picture, they are disclosing your location as well as their own.
If you want to find out more about who has access to your geolocation data, it’s entirely within your rights, under GDPR law, to ask any company or app what data they have about you. If you tell them to, they also have to delete it within 30 days.
You can do this quickly and easily through Rightly. If you have any questions, please get in touch with our customer support team.
What is data profiling, and how does it affect you?
- DPO's Blog
- Key issues
‘With every click, we’re like Hansel and Gretel leaving our breadcrumbs through the digital woods’
- 3 minutes
How do social media companies collect and use your personal data?
- Key issues
We've gone through the privacy policies of the world's biggest social media companies to find out for you.
- 7 minutes