Location data, map tiles, third-party providers: The underestimated privacy risks in geolocation apps
Geovisualizations are now a standard part of modern data analysis. Whether it’s branch networks on a map, real-time delivery routes, or regional sales distributions—hardly any dashboard can do without a map view. Yet behind the seemingly innocuous display of points on a map lie data protection risks that many companies underestimate or simply overlook.
When the map calls home
The core of the problem lies in the architecture of most geo-applications. To display an interactive map, applications load so-called map tiles—small image sections or vector data that, when combined, form the map image. In the vast majority of cases, these tiles come from external services: Google Maps, Mapbox, OpenStreetMap tile servers, or comparable providers.
What is often overlooked here is that every request to an external tile server transmits information. The provider learns which map section is being requested, at what zoom level, at what time, and from which IP address. Taken on its own, this may sound harmless. Taken together, however, it creates a surprisingly detailed picture.
The Mosaic of Metadata
Let’s imagine a typical scenario: A sales manager opens their dashboard in the morning, zooms in on the Munich region, scrolls to a specific neighborhood, then switches to Hamburg and examines individual ZIP code areas there. Each of these steps generates dozens of requests to the map service provider. Aggregated over weeks and months, these data points allow for conclusions to be drawn—about business areas, expansion plans, regional priorities, or even the locations of individual customers.

The metadata generated by such requests typically includes:
- the requested coordinates and zoom levels,
- timestamps of the requests,
- IP addresses and, consequently, potential company locations,
- user agent strings, which allow inferences about the software used, as well as
- for authenticated services, the API keys assigned to a specific customer.
Third-Party Scripts as Blind Spots
The situation becomes even more problematic when geo-libraries not only load map tiles but also include additional JavaScript libraries from external servers. Leaflet plugins, geocoding services, routing APIs—each of these dependencies opens another channel through which data can flow.
In many companies, such third-party integrations do not undergo IT security reviews. They are considered “part of the map” and are not viewed as independent data processing operations. Yet from the GDPR’s perspective, this is precisely what is required: an assessment of which personal data is transferred to which recipients, whether a data processing agreement exists, and whether transfers to third countries—particularly the U.S.—are secured in compliance with data protection regulations.
Geocoding: The Often-Forgotten Reverse Direction
A particularly sensitive area is geocoding, i.e., the conversion of addresses into coordinates. When a BI tool sends customer addresses to an external geocoding service to display them on a map, personal data is transferred to a third party. Depending on the service, this occurs unencrypted, without a data processing agreement, and via servers outside the EU.
Even if the addresses do not appear “personal” in the traditional sense—such as a company’s branch locations—they can, when combined with timestamps and usage frequency, reveal insights into business strategies that a company would consider trade secrets.
Legal Gray Area with Real-World Consequences
Since the Schrems II ruling and the increasingly critical stance of European data protection authorities toward U.S. services, the use of Google Maps, Mapbox, and similar services in business-critical applications is no longer just a theoretical risk. Several European supervisory authorities have in the past objected to the integration of Google Maps on websites because it occurred without the informed consent of users.

While the situation in internal BI applications differs from that on public websites—there are no external visitors whose consent would need to be obtained—the fundamental requirements remain the same: data minimization, transparency regarding the processors used, and a valid legal basis for transfers to third countries.
What Companies Can Do
Those who wish to operate geo-visualizations in compliance with data protection regulations essentially have three options:
First, the choice of map service. Not every use case requires Google Maps. Open-source alternatives such as OpenStreetMap, combined with self-hosted tile servers, allow for complete control over the data flow—though this comes with significant operational overhead.
Second, the caching and storage of map data. Storing map tiles locally instead of reloading them from the provider with every request significantly reduces data transfer. However, the licensing models of many map providers restrict this approach.
Third, the architecture of the application itself. When geocoding, routing, and map rendering occur on the server side rather than in the individual user’s browser, touchpoints with external services can be centrally controlled and minimized.
Local Map Data as a Strategic Advantage
This is precisely where an approach comes into play that is still surprisingly rarely discussed in the BI world: the use of locally stored map data. Instead of contacting external servers for every map interaction, map tiles and geodata can be stored entirely within one’s own infrastructure. This not only eliminates data protection risks but also offers practical advantages—faster loading times, independence from internet connectivity, and full control over the map data.
RISE Analytics: Geo-visualization with local map data
RISE Analytics has taken this concept to its logical conclusion. The business intelligence product offers comprehensive geo-visualization capabilities while relying on locally hosted map data. This means that neither user interactions nor the displayed business data ever leave the company’s own infrastructure.
For companies analyzing sensitive location data—whether customer distributions, branch networks, catchment areas, or regional market analyses—this is a crucial difference. Geo-visualization thus becomes a purely internal matter, without dependence on external map service providers and without the data protection issues that their use inevitably raises.
Especially in regulated industries such as the financial sector, healthcare, or the public sector, where strict requirements for data sovereignty exist, this architectural approach makes the difference between data analysis that is theoretically compliant with data protection regulations and data analysis that is truly sovereign. Anyone who takes their geodata seriously should also take seriously where the map is “calling.”
Interesse am Thema? - Reden Sie mit uns!
Get in touch