In Search of Locational Privacy

Let's compare privacy policies to see what the various map smartphone apps (Google Maps, Waze, OSMand) collect about your location.

Locational data is impossible to anonymize. It is the most dangerous data to your personal privacy.

Imagine a tuple of location-time pairs: A grocery store, a street corner, a residence. All that is known is that an unknown individual was at each of these locations at the associated time.

Can the residence address be associated with you? Could someone have snapped a photo of you on the street corner? Does the grocery store have a security camera?

As you know, technology companies mine data from public records; including publicly-available property data. Many companies store vast quantities of their users' photos, associated with location and time data. Some companies sell devices with cameras and microphones and retain these data.

Your locational data are obviously easy to personally identify you! No matter what you do, you will gradually lose your locational privacy due to advances in facial recognition and cloud storage technologies. But you can reclaim some privacy by keeping your locational data to yourself!

[N.B. I am not an attorney, and this is not legal advice. This is my interpretation of the "privacy policies" of some map software products.]

OSMand

  • Company based in the Netherlands (good)
  • Privacy policy is short and unambiguous

Company aggregates non-personal data which cannot identify a user. Such data includes the apps' installs, the frequency of the launches and the use of different screens in the application. We also collect non-personalized data about the devices' models, software versions, the countries where the application is used, and the language. Also, the users may be asked to leave an email to get access to certain additional features.

We strongly believe in the principle of data protection and safety, thus, the Company does not collect, store, process or transfer any personal information of users besides the cases when such information is provided by the users with their clear consent.

This should be sufficiently clear. Any location data can uniquely identify an individual person. Therefore, it should follow that OSMand does not collect any location data.

Ideally an independent auditor would verify that OSMand's releases do not transmit any personal data. But with the company based in the Netherlands, and given the EU's strong stance on personal data privacy, I'm reassured by this company's privacy policy.

Summary: potential privacy.

Waze

Their privacy policy is long, but it's easy enough to locate the deal-breaker:

The activity information we collect may include:

Detailed location, travel and route information.

Summary: no privacy. Moving on...

Google

If you've never read Google's privacy policy, you can probably guess what it entails. Google collects all of your data, and associates it with your Google account (if signed in), or with a unique personal identifier (otherwise). They may use your data for a variety of purposes, each so broad and ambiguous, to include virtually any use imaginable.

Summary: surely you didn't expect privacy from Google; because you have none.