ISO 27701 certification doesn’t guarantee a company is privacy-friendly. It only certifies their processes for managing privacy data (PIMS), not how they actually treat your privacy.
Many companies with questionable privacy practices, like Alibaba, Microsoft, NordVPN, Oracle, Tencent, and Tinder, are ISO 27701 certified. Having a certified system doesn’t prevent bad privacy practices. Also, ISO 27701 (and ISO 27001) aren’t proof of GDPR compliance.
When assesing Here WeGo’s privacy policy, it doesn’t seem to offer any significant privacy advantage over something like Google Maps or Bing Maps.
Are you sure? Just compare the Play Store summaries:
Google Maps → collects pretty much anything it can, though some things are optional, and for many things, including your location, one of the purposes given is “advertising or marketing”
HERE → everything is optional and the only thing used for “advertising or marketing” is the email address if you sign up for an account (which you shouldn’t and don’t need to); location data is only used for “app functionality” i.e. traffic info
Here captures location content such as road networks, buildings, parks and traffic patterns. It then sells or licenses that mapping content, along with map related navigation and location services to other businesses such as Alpine Electronics, Garmin, BMW, Oracle Corporation and Amazon.com. This third-party licensing constitutes the core of the firm’s business.[1] In addition, Here provides platform services to smartphones through Here WeGo app.[2][3] It provides location services through its HERE applications, and also for GIS and government clients and other providers, such as Microsoft Bing (from 2012 through 2020), Meta Platforms, Yahoo! Maps, and the Samsung Gear S2 (and earlier models) maps app.[4][5]
So I’m pretty sure that 100% of their income comes from B2B (business to business) and the Here WeGo app is just offered for free to consumers for brand-building and improving the traffic data. (Note that HERE is owned by a consortium of German automakers so they probably use the same data for their built-in navigation systems.)
It’s similar to Magic Earth (another navigation app) where they say:
What is the business model?
Magic Earth is free for all our end-users but we also have a paid Magic Earth SDK for business partners. For instance Selectric.de (a supplier for navigation solutions for ambulances and fire trucks), Smarter AI (developing ADAS systems) or Absolute Cycling (using the platform on bicycles). For more info on the SDK, you can check magiclane.com.
Indeed, their privacy policy is slightly better to that of Google Maps, as Here WeGo gathers more data in an anonymized manner. However, what I mean to convey is that it still falls significantly short of being truly privacy-conscious in any real sense. So one could just use Google Maps.
if they anonymize the data (even if the location data are not 100% anonymizable) and do not use it for advertising or marketing, I think this would meet the thread model of many users
I think I would much prefer it to use Google Maps Undoubtedly
however, a service like Organic Maps it is preferable because it is Open source and have better anonymity, but obviously lacks important features and updated maps in some areas.
To be clear, while Here WeGo anonymizes some of the data it collects, they still gather a significant amount of identifiable user data, such as account information, usage patterns within the app, and device details. Therefore it is really not to be considered as privacy-friendly.
Critically, while they generally avoid using this personal data for targeted advertising, they do display advertisements based on contextual information, like your current location.
only if you create one, which is quite unnecessary
I don’t think anyone would claim that HERE is the best in terms of privacy, but it is a good balance between usability and privacy. Like, Google Maps is surely the best app overall, but much less private than HERE. And Organic Maps or OSMand are much more private than HERE, but lack some functionality that might be very essential for some. For me it’s the traffic info for example, including live re-routing if the situation changes.
So I would argue for having it listed but in an “additional options” subsection like it’s currently done for some of the instant messengers (link)
If you wish not to share your location with the advertising network, you can choose do so in the app settings under ‘Location-based ads’. If you wish to change your settings related to behaviourally profiled advertising, you can always do so from your device settings. Note that in any case you may still receive ads, but just not profiled.
As for usage patterns and device information so that they don’t use them to track you (but I could be wrong since I gave a quick check to the policy) I think it’s fine at least for me
I don’t think there will ever be a service, at least in the near future, that offers traffic and other useful information like HERE
definitely not to be added to the main section of privacy guide as Regime6045 says, but it seems like an excellent exchange for privacy and usability.
HERE WeGo is a proprietary app made by HERE Technologies, a company owned by a consortium of multiple German automakers as well as Intel. The app’s features include turn-by-turn navigation for walking, cycling and driving as well as using public transport, live traffic information, speed camera warnings, terrain and satellite maps, the ability to download maps for offline use, and shop info such as opening times or Yelp reviews.
The app can send your location data in order to provide real-time traffic information, but this is an opt-in feature and the data is anonymized (not linked to your personal identity).
Unlike the previous recommendations, HERE WeGo uses its own proprietary map data and is therefore a good option for users who live in regions where OpenStreetMap is insufficient. In fact, HERE’s map data is used by several car manufacturers for their built-in navigation systems.
For someone who needs traffic data, is there ever a situation where Magic Earth would be better than Here WeGo or vice versa? I think we should pick one unless someone has a compelling reason both should be recommended.
And why recommend only one, PG offers several different recommendations for password managers, browsers, search engines, etc., let’s put them both, OM and Osmand apart from when travelling for offline mode and for contributing to OSM are useless without real-time traffic, you have to stop forcing 100% open source in all circumstances. Putting in both will prevent some users from using much worse software like GMaps.
I don’t know what you are talking about. Neither Here WeGo nor Magic Earth are open source, yet I am quite clearly open to one of them being added. In the future, please read messages before responding to them.
They are objectively speaking not useless without real-time traffic since they fulfil their purpose of navigation nonetheless. Traffic data is also not nearly as important as you think it is. Most people drive the same routes very often, and traffic is extremely predictable.
The purpose of Privacy Guides is not and will never be to recommend alternatives to Google Maps or other privacy-invasive products at all costs. In the absence of a suitable product to recommend, rather than lowering the standards to accommodate a subpar option, no recommendation will be made.
You’re learning to read, I said we should stop “forcing 100% source whatever happens” so that means I’m in favour of adding Magic Earth and Here WeGo to PG.
The aim of PG is to offer ‘preferred’ open source alternatives that respect privacy.
What’s more, no matter how hard you try and say the opposite, a mapping application without real-time traffic isn’t much use, and I know this because I only use OM to contribute and to drive around town.
As I’ve mentioned before, I don’t believe HERE WeGo should be recommended because it’s not really privacy-friendly. Just being better than Google Maps or Bing Maps doesn’t meet our criteria. In fact, even Apple Maps offers a more favorable privacy policy in my opinion.
Must not collect PII per their privacy policy.
Must not require users to create an account with them.
Must not require users to share location data. If the user opts in to sharing their location, this data must be anonymized.
Must retain core functionality when offline and allow users to download maps for offline use.
Anyways, I do see both @phnx’s point and your point on whether it’s worth adding multiple closed source navigation apps here.
Personally, there is still a need for us to review these proprietary options before making a solid recommendation for either Magic Earth or Here WeGo. If we do decide to include both, there must be a really good reason to do so.
All that requires personal testing of both apps and see how the user experience differs.
The Service may include provision of location based advertising or other similar content. For example if you ask for weather information you may be served with advertising content tailored to that location.
The Service may also include behaviorally profiled advertisements. For the purposes of providing relevant advertisements to you, we may share your device specific advertising ID to advertising networks.
If you think it’s best to only have one proprietary option, in that case I’d personally go with HERE WeGo, because it has its own map data and generally more features. Magic Earth is very similar to Organic Maps or OSMand as it also uses OSM data for the maps, which can be low quality in some countries or regions.