
A fitness app revealing sensitive locations is a clear example of how apparently harmless data can become a privacy risk. Exercise routes, heat maps and location histories may show where a person lives, works or regularly trains.
The best-known case involved Strava and the publication of activity maps that made it possible to infer movements around military bases and other sensitive areas. The lesson is still relevant for companies, public bodies and users: location data is rarely neutral.
In this article we will discuss...
Why location data is sensitive
Location data may reveal routines, habits, workplace, home address, religious places, health centres or political activity. Even when names are removed, repeated patterns can make people identifiable.
Privacy risks
- Reidentification from repeated routes or timestamps.
- Exposure of home, workplace or sensitive facilities.
- Profiling based on habits and movements.
- Unintended publication through default app settings.
- Combination with social media or public information.
What users should check
- Review privacy settings before using a fitness app.
- Limit public visibility of maps and routes.
- Use privacy zones around home and workplace where available.
- Avoid sharing real-time location unnecessarily.
- Check whether the app allows data export or deletion.
What organisations should learn
Companies and public bodies should consider whether employees may expose sensitive information through personal apps. This does not mean banning technology by default, but it does require awareness, internal guidance and risk assessment for sensitive roles.
GDPR angle
When location data can identify a person, it is personal data. Organisations using apps, wearables or tracking systems should assess the lawful basis, transparency, minimisation, retention and security measures.
Conclusion
Fitness apps can be useful, but location data can reveal much more than a workout. Privacy settings, minimisation and awareness are essential to avoid turning movement patterns into a security problem.