Quiz Entry - updated: 2026.06.07
What core data-protection principles for location data do standards like the Open Mobile Alliance and IETF Geopriv define?
Collect only what's needed, require informed (revocable) consent, bind use/disclosure to that purpose (prefer pseudonymity), and secure then delete the data once the service is fulfilled.
Four foundational principles for handling location data:
- Limit data collection: gather location only when the location is genuinely needed to provide a service — no precautionary mass storage ("Vorratsdatenspeicherung").
- Informed consent: obtain the data subject's informed consent before collection, and it must be possible to withdraw any consent at any time.
- Purpose binding for use & disclosure: processing and disclosure stay limited to what consent covers; use pseudonymity where the service doesn't strictly need the user's identity.
- Security & deletion: protect the data and delete it once the requested service is delivered (or aggregate it with consent) — no unlimited storage.
Tip: "Need it to deliver the service, get consent, use it only for that, then delete it" — these are essentially the GDPR principles of data minimisation, purpose limitation, and storage limitation applied to geodata.