Data brokers selling location info that can be used to track EU officials, report finds

A group of European reporters said they easily obtained location data for hundreds of European Commission workers using free datasets obtained from brokers, raising questions about the efficacy of Europe’s tough digital privacy laws.

The probe, published Tuesday by a coalition of European news outlets, relied on datasets that included about 5,800 location points for 756 devices in Europe’s Parliament. Some 2,000 location “pings” were pulled from 264 devices in European Commission headquarters.

A spokesperson for the European Commission told the journalists that officials are “concerned with the trade of geolocation data from citizens and Commission officials.“ The body also issued new guidance to its staff about how to disable ad tracking settings on devices and has informed member states’ Computer Security Incident Response Teams (CSIRTs) about the findings, the spokesperson said.

The data sample the journalists obtained reportedly also featured location histories for some of the European Commission’s top officials.

One “movement profile” obtained showed a European Parliament employee’s daily commute, including stops at a restaurant and supermarket.

Even though the data samples were far more limited than what a paying customer could access, the reporters were able to find the private addresses of five people who work or have worked for the EU, three of whom are or were in “senior positions.”

While the European Union’s General Data Protection Regulation is the world’s toughest digital privacy law, the continent has been slower to regulate data brokers.