Is GPS positioning data personal information? If someone steals a GPS in the car...

Let's see what the EU does

The European Union included location information in the Directive on Privacy and Electronic Communications in 2002, and then the General Data Processing Regulation (GDPR) issued in 2018 also included location information. Protect. The European Data Protection Board has even issued guidelines on how governments should use location information during the covid-19 outbreak.

Restrict the government's legitimate use of personal location information only for the following two specific purposes (to effectively control the overall epidemic, infection tracking), to ensure that the government will not arbitrarily collect the paths of citizens in the name of controlling the epidemic. Use for other purposes.

1. using location data to support the response to the pandemic by modelling the spread of the virus so as to assess the overall effectiveness of confinement measures;

2. contact tracing, which aims to notify individuals of the fact that they have been in close proximity of someone who is eventually confirmed to be a carrier of the virus, in order to break the contamination chains as early as possible.

Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak

look back at Taiwan

First of all, Chinese laws have not explicitly assigned personal location data, whether it is the location data on the mobile phone device or the GPS location information in the vehicle, to a clear role. Therefore, whether recording the location information of others will constitute the crime of obstructing confidentiality, or whether it constitutes a violation of the Personal Data Protection Law, the court has different judgment directions.

However, with the verdict of the GPS-caught affair in the Xinguang Princess case, the court clearly stated that stealing GPS would clearly constitute the crime of obstructing secrets. And if the location data of the user's terminal equipment is used, the collection unit (public or non-government agency) can identify the specific individual by comparing, combining or linking with other data they have at hand, then the location data is personal data. The collection, processing, and use must comply with the Personal Data Protection Law, have a specific purpose, and must comply with the statutory reasons listed in the Personal Information Law (for example, based on a contractual relationship or with the consent of the subject). And it needs to be processed and used, and it must be within the scope of the current collection purpose.

On the contrary, if the collecting unit cannot identify the specific individual after combining it with the data at hand, the location information does not belong to personal data and is not bound by the Personal Data Protection Law.

With the increasing awareness of personal data, regardless of the purpose of collecting other people's location data, if Taiwan does not pay attention to the norms of the Personal Data Protection Law, Criminal Law, and Civil Law, it is likely to violate the law and bear the relevant criminal responsibility.