Google Maps for iPhone violates European data protection law, German watchdog says
The issue is that the option to share location data is on by default, says the Independent Centre for Privacy Protection Schleswig-Holstein
IDG News Service - When users install Google Maps on their iPhone, the option to share location data with Google is switched on by default. By doing this, Google violates European data protection law, according to a German data protection watchdog.
Google Maps for iPhone appeared in the App Store on Wednesday and was welcomed by many after Apple stumbled with its own maps application. Google Maps quickly became the most popular free app in the App Store.
However, the option box next to the text is switched on by default, which isn't allowed by European data protection law, said Marit Hansen, deputy privacy and information commissioner at the Independent Centre for Privacy Protection Schleswig-Holstein, Germany, in an email.
She said Google's definition of "anonymous" doesn't guarantee users complete anonymity. "All available information points to having linkable identifiers per user," which would allow Google to track several location entries, she said.
"This is clearly not anonymous," she said, adding that she had to assume that Google's "anonymous location data" is still "personal data" under European data protection law.
When a company wants to process personal data, users have to give informed consent instead of opting out, she said. "So I conclude that the current implementation is not compliant with current European data protection law, even if Google now offers an opt-out possibility," Hansen said.
In January, the Dutch Data Protection Authority (CBP) ruled that navigation service TomTom could only gather and process anonymous geolocation data it uses to map traffic after prior consent is given by the user, "because geolocation data are sensitive personal data." According to the CBP, TomTom could use the location data to deduce where someone supposedly lives.
"Such data are therefore to be regarded as personal data. When Google collects such data about routes traveled, it collects personal data for which consent must be obtained," Mark Jansen, a lawyer who specializes on IT issues, told IDG News Service partner Webwereld.
"The only basis for this processing seems to be consent. That means at a minimum that a pre-ticked box is not sufficient," he said.
This kind of data processing is also being discussed on a European level by the Article 29 Working Party, which is made up of data protection commissioners from each European Union member states, Hansen said. Her organization is part of the group, which she expects will discuss the issue further. She hopes that non-European users will also "question the behavior of companies that do not inform users properly and prefer opt-out over opt-in."
- Timeline: How Apple's iOS gained enterprise cred
- China calls the iPhone and iOS 7 threats to national security
- Dev interest in OS X Yosemite is 4X what it was for Mavericks in '13
- The Pangu jailbreak for iOS could turn into a sinister attack
- Apple nails Health timing as fitness app usage soars
- Developer demos iPad split-screen in photos, video
- Microsoft should grab Apple's 'Handoff' for Office
- Developer discovers split screen in iOS 8 code
- Apple opens up iOS, struts Mac-iPhone-iPad integration
- iOS 8 split-screen hints at iPad's enterprise ambition
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!