Partner, Forensic & Integrity Services and EMEIA Innovation Leader
In brief
Our attachment to smartphones has made them the perfect devices to track our movements — providing invaluable data to businesses and governments. Little do we know that many apps on our phones allow location data companies to pinpoint how we spend our days. A New York Times investigation was able to use a data set to track the movements of individuals commuting to their offices, picking up their children at school, and even breaking their routines to go on a job interview.¹
Rising concern over location tracking is just one example of how protecting privacy is becoming increasingly complex. COVID-19 is exacerbating the issue as governments and businesses experiment with new technologies to track and contain the outbreak. These efforts are saving lives, but they also raise fears about intruding on privacy and exposing personal health data.
Privacy management is often seen as the responsibility of compliance and legal professionals, aided by the cybersecurity team. But more and more organizations are realizing that privacy is impacting stakeholders in just about every corner of the organization. Managing privacy risk brought on by location tracking requires a concerted effort that also includes human resources, operations, information security, communications and investor relations.
Did you know that having a weather app on your phone could mean your personal movements are tracked second by second and sold to third parties, even when you’re not using the app? That’s the basis of a 2019 lawsuit filed by the Los Angeles City Attorney’s office. The suit charges that the information on selling data to third parties was hidden in the privacy policy and privacy settings sections of the app, which “the vast majority of users” don’t read.²
Many companies that collect location data claim it doesn’t violate privacy because the data is anonymous, users consent to be tracked, and data is kept securely. But The New York Times investigation shows these claims don’t always hold up to legal or regulatory scrutiny. For example, pings showing a daily route from a house to an office easily identify a person.
While phone apps supply much of the tracking data sold to third parties, cellular companies are also under fire. The four largest US cellphone carriers promised to stop selling location data in 2018, but two years later, the US Federal Communications Commission (FCC) proposed hundreds of millions of dollars in fines because the carriers were found to continue selling customer data and violating agency rules to protect personal information.³
The COVID-19 crisis led some governments to launch phone apps with geolocation tracking to trace an individual’s contacts, and to determine whether they are complying with quarantine and social-distancing directives. Tracking individuals has helped some countries limit the spread of the virus, but a Guardsquare security analysis of 17 government tracking apps found the “vast majority” are easy for hackers to breach.⁴
Human rights groups are concerned these apps are too invasive and could be used beyond the pandemic. For example, Norway’s Data Protection Agency banned its country’s tracking app after determining it collected far more data than needed.⁵
Businesses are also exploring new technologies to protect the health of their employees, using smartphone apps, cameras or wearable Bluetooth devices to monitor employee movement at work. If an employee tests positive for COVID-19, the company can quickly identify employees who came close to the infected worker. While many countries allow employers to track employees during work hours, privacy advocates fear surveillance could be extended around the clock and continue long after the crisis ends.
The pandemic has also raised privacy concerns around employee health data. A survey by the published in May 2020 found nearly a quarter of businesses have taken their employees’ temperatures and 60% keep records of those diagnosed with COVID-19. Nearly one in five provided the names of COVID-19-positive employees to other staff or government authorities, contrary to the advice from the European Data Protection Board.⁶
The rising interest in protecting privacy has led to new regulations around the world. One of the most influential statutes, the EU’s General Data Protection Regulation (GDPR), treats location data as personal data. This means users must specifically and freely agree to location tracking, rather than opting out.
Location tracking is also addressed by the California Consumer Privacy Act (CCPA), which the state began enforcing in July 2020. Under the CCPA, California residents can opt out of having their personal information, including geolocation data, sold to third parties. While the law covers only state residents, many large firms are extending its rights to all Americans. California’s Attorney General estimates businesses will spend more than US$55 billion to comply with the CCPA.⁷
Addressing privacy risks related to location tracking goes beyond the scope of legal and compliance departments. It requires flexibility and agility as organizations respond to fast-evolving technological and regulatory environments. Cross-functional collaboration is essential.
Legal and compliance professionals should take the lead in working with other functions — particularly IT departments — to help them identify, monitor and mitigate risks. Talent management should focus on employee education and communication so that, when used, location tracking doesn’t compromise employees’ privacy and its objective is well understood by employees. Information security and technology professionals need to stay on top of the rapidly evolving technologies to understand their impact and potential risks. Above all, privacy by design should be woven into the organizational culture.
Businesses need to keep privacy concerns in the forefront as they develop products or services that involve location tracking features. If not managed well, location tracking can become a huge liability that runs the risk of regulatory noncompliance, lawsuits, reputation damage, employee discontent and revenue loss. If managed well, location tracking can enhance product capability, boost service delivery, and protect employees and the organization.
Location tracking is becoming an important privacy concern, as it is increasingly used in many software applications that dominate our daily personal and business lives. The COVID-19 pandemic has heightened the issue as governments and organizations race to contain the spread of the virus. Businesses that hastily made operational changes during the pandemic, such as tracking employee movements or sharing personal health data, need to carefully evaluate their impact on privacy.
Compliance professionals should work collaboratively across the enterprise to mitigate risks around location tracking, whether the business markets data to other businesses or the organization performs location tracking on employees for internal purposes. These risks can result in regulatory and legal actions, data breach, diminished employee morale and privacy concerns, as well as damage to the brand.
Adhering to data privacy regulations can be expensive and challenging. But businesses that manage location tracking activities transparently and securely will discover a competitive advantage as privacy protection becomes more important for both consumers and employees. We may love our phones, but we don’t want them spilling our secrets.
Location tracking in software applications used in our work and personal lives not only threatens privacy, but may have legal ramifications. As enterprises rapidly adopt new technology to protect employees and businesses during the COVID-19 pandemic, departments need to collaborate across their normal functions to address and combat the legal, compliance and information security risks.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.