Location data of high-ranking EU officials for sale online

The location data of millions of mobile phones in Belgium is for sale online, including that of high-ranking European Union officials. BNR discovered this in an investigation into data brokers selling location data from smartphone apps.

BNR researchers, working with international partner media, received location data on 2.6 million phones in Belgium from data brokers. It contained 278 million coordinates, including those in Brussels, from several weeks in 2024 and 2025. This data was free samples from data brokers; much more is available for a fee. Although the data doesn’t contain phone numbers or names, movement patterns easily revealed the identities of individuals behind them.

For example, the researchers traced 756 phones in the European Parliament and 264 in the European Commission’s headquarters. They also traced phones from other EU institutions, including the European External Action Service and the Council of the European Union. 453 phones were located in the NATO headquarters. The data was sometimes so specific that the researchers could identify exact offices.

The research team used the data to identify the names and addresses of five active and former EU officials, including a senior European Commission official and a high-ranking diplomat from an EU member state. Two confirmed that the collected data matched their home addresses, workplaces, and travel history. The others did not respond to BNR’s questions.

The data comes from app users - sometimes unknowingly - giving permission to share their app location. App developers then sell this data to advertising companies, which sometimes resell it to data brokers. The key is the Mobile Advertising ID (MAID), a unique number that Apple and Google associate with each smartphone. Every location is linked to this ID, allowing for the construction of a complete movement profile.

“I have rarely seen such an unresolved problem in the field of cybersecurity,” cybersecurity expert Bart van den Berg of the Clingendael Institute told BNR. “We are very critical of the government in its handling of personal data, yet we allow everyone to track us constantly.” He pointed out that this data can be used to identify staff routines. “It also increases the risk of espionage, sabotage, and blackmail.”

“Whatever companies claim: this data is not anonymous,” and was “very likely” obtained illegally, Floor Terra of the Privacy Company told BNR. “It can clearly be traced back to individuals. You can only collect such data with informed consent, and people must also know how to have their data deleted. I suspect no one here knows that.”

A spokesperson for the European Commission called BNR’s findings “worrying” and said it was up to national authorities to determine whether EU privacy laws are being violated. “The Commission stands ready to cooperate with those authorities.”

A NATO official told the broadcaster that the alliance is “fully aware” of the risks and has taken measures to mitigate them. The official did not elaborate on the measures and told the researchers not to publish any location information.