European UnionAn app tracks my location constantly. Is this proportionate data collection?
Constant location tracking by an app is generally not proportionate unless strictly necessary for a specific, legitimate purpose and users have given informed, granular consent.
What the Law Says
Under EU law, collecting location data constantly must comply with core data protection principles — especially necessity, proportionality, and purpose limitation.
The General Data Protection Regulation (GDPR) requires that personal data be 'adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed' — this is the principle of data minimisation.
Location data qualifies as personal data under GDPR because it can identify or single out an individual, especially when collected continuously over time.
Processing such data lawfully requires a valid legal basis — most commonly, freely given, specific, informed, and unambiguous consent (Art. 6(1)(a)). Consent must be granular: users cannot be forced to accept constant tracking to use basic app functionality.
If location data reveals sensitive information (e.g., visits to health clinics or places of worship), it may also fall under special category data rules (Art. 9), requiring even stricter conditions.
Statutory TextPersonal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
— Regulation (EU) 2016/679, Art. 5(1)(c) — Principles relating to processing of personal data
Statutory TextProcessing shall be lawful only if and to the extent that at least one of the following applies: (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
— Regulation (EU) 2016/679, Art. 6(1)(a) — Lawfulness of processing
Statutory TextProcessing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited.
— Regulation (EU) 2016/679, Art. 9(1) — Processing of special categories of personal data
What to Do
Check the app’s privacy notice: Does it clearly explain *why* constant location tracking is needed — and is that purpose essential to the app’s core function?
Review consent options: Can you disable background/location-when-in-use separately? Pre-ticked boxes or ‘all-or-nothing’ consent are invalid.
Use device settings: On iOS and Android, restrict apps to ‘only while using’ or ‘ask every time’ for location access.
Withdraw consent anytime: Go to app permissions or privacy settings and revoke location access — the app must stop tracking immediately.
File a complaint: If the app refuses basic functionality without constant tracking, report it to your national Data Protection Authority (e.g., CNIL in France, ICO in UK pre-Brexit, or the EDPB).
Sources
Not legal advice. This article is general information based on publicly available sources, written for educational purposes. Laws change and individual situations vary. Consult a licensed attorney in your jurisdiction before acting on anything you read here. Last reviewed: 2026-06-08.