**Summary: European Journalists Expose How Data Brokers Enable Surveillance of EU Officials Despite Strong Privacy Laws**
A recent investigation by European journalists has revealed alarming vulnerabilities in data privacy, showing that even top European Union (EU) officials are not immune to being tracked and surveilled through the commercial trade of mobile phone location data. This discovery comes as a surprise given that Europe is widely regarded as having some of the strictest data protection rules in the world, particularly under the General Data Protection Regulation (GDPR).
**Journalistic Investigation Uncovers Sensitive Data Exposed**
The situation came to light when a coalition of journalists, reporting through the German outlet Netzpolitik, acquired a massive dataset from a data broker. The data was offered as a free sample and contained an astonishing 278 million location entries, representing the movements of millions of people in Belgium and, more specifically, around Brussels—the heart of EU administration.
The journalists found that the data, gathered primarily from ordinary apps installed on users’ smartphones, included highly detailed location histories of individuals working in sensitive government positions. This included officials at the European Commission, the body that manages day-to-day business for the EU, as well as members of the European Parliament. In their analysis, the reporters identified hundreds of devices belonging to people working in and around EU institutions. For example, they pinpointed 2,000 specific location markers from 264 officials’ devices and about 5,800 markers from over 750 devices within the European Parliament alone.
**How Commercial Data Brokering Works**
The mechanism behind this data exposure is both simple and concerning. Many widely-used mobile apps collect users’ location data, ostensibly for improving user experience or providing location-based services. However, this data is frequently sold to data brokers—companies that aggregate, analyze, and resell location information on a massive scale. These brokers then offer this information to a variety of clients, including private companies, governments, and even militaries, often without the knowledge or consent of the individuals being tracked.
**EU Officials Express Concern, Issue Guidance**
The findings have prompted concern among EU officials, who have acknowledged the risks posed by the trade in both citizens’ and officials’ location data. In response, they have issued new guidance to staff aimed at mitigating the risk of tracking. While the specifics of this guidance are not detailed in the report, it likely includes recommendations for limiting location sharing on devices, being cautious about app permissions, and possibly using privacy tools or settings to anonymize device identifiers.
**Data Protection Laws and Regulatory Gaps**
Europe’s GDPR is designed to give individuals significant control over their personal data, imposing tough requirements on companies collecting, processing, and selling data. Despite these robust legal protections, enforcement has often lagged behind the rapidly evolving practices of the data brokering industry. Watchdog authorities and regulators have been criticized for not taking swift or decisive action against data brokers, allowing the industry to flourish into a multi-billion-dollar business.
The data brokering industry’s growth, combined