Data Broker Report Finds EU Officials’ Location Data for Sale, Characterized as a ‘Priority Security Threat’
Published
- Data for sale: A report reveals that granular phone location data of top European Union officials is being sold by commercial data brokers.
- Widespread tracking: A sample dataset contained millions of location points from Belgium, including those from officials at the EC and Parliament.
- Security concerns: EU officials have expressed concern over the findings and have issued new guidance to staff to mitigate location tracking risks.
An investigation by European journalists has uncovered that sensitive phone location data belonging to top EU officials is commercially available through data brokers. The report found it was alarmingly easy to obtain and analyze location histories that could be used to spy on officials working in sensitive areas of the European Union.
Location Tracking Vulnerabilities in Practice
The findings come from a joint investigation with Bayerischer Rundfunk, L'Echo (Belgium), Le Monde (France), and BNR (Netherlands) as part of the “Databroker Files.” Netzpolitik journalists obtained a free sample dataset from a data broker that contained 278 million location data points from millions of phones around Belgium, TechCrunch has reported.
Within this massive dataset, they identified thousands of location markers from hundreds of devices used by officials in and around the European Commission (EC) headquarters and the European Parliament.
This commercially available data is often collected by ordinary mobile apps supposedly only for advertising purposes and sold to a sprawling, billion-dollar data broker industry.
The ease with which this information was accessed demonstrates severe location tracking vulnerabilities that can be exploited for espionage or other malicious purposes.
These findings raise significant data brokers privacy concerns and highlight major security risks for government personnel, even in a region with robust data protection laws.
Questions Raised About GDPR Enforcement
The revelation that the private movements of high-level government officials can be purchased has prompted a concerned response from the EU, which has issued new guidance to its staff.
The incident brings the effectiveness of GDPR enforcement into question, as data protection watchdogs have been criticized for slow action against the data broker industry. “In view of the current geopolitical situation, we must take this threat very seriously and put an end to it,” said Axel Voss (CDU) from the conservative EPP group.
Despite Europe having some of the world's strongest privacy regulations, the report indicates a significant gap between the law and its practical application, allowing a thriving market for sensitive personal data to persist.
In October, a China-linked espionage campaign targeted European diplomatic entities, while a June report signaled a ‘Mobile Security Crisis’ attributed to Chinese hackers exploiting smartphone flaws and user lapses.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular