Movement profiles – precise location as collection of sensitive data

The storage of detailed positioning data carries the risk of processing sensitive personal data in accordance with Art. 9 GDPR. The use of mobile devices generates a huge number of precise location data, which is also playing an increasingly important role in marketing. These location data can, however, easily provide information on particularly sensitive information about the smartphone user. Nowadays almost everyone carries the smartphone permanently around and thus often guarantees a complete recording of the persons’ territorial movements and the duration of stay at places. This is completely independent of GPS positioning, and can also be achieved by Wifi, Bluetooth and radio cell positioning. As harmless as a walk in the park can be as a data record, visiting an oncological practice can be as critical and allows conclusions to be drawn about health data. Numerous practical examples such as a visit to a church, a psychiatric clinic, a drug counselling centre or participation in a trade union demonstration generate sensitive personal data in accordance with Art. 9 GDPR. The US Navy 2018 experienced a particularly explosive example of the significance of these data records. The records of the customers of a fitness tracker provider publicly accessible on the internet clearly showed the military bases of the special unit Navy SEALs in Afghanistan. Several of the soldiers stationed there regularly jogged around the military base with fitness trackers.