ISO 27701 certification doesn’t guarantee a company is privacy-friendly. It only certifies their processes for managing privacy data (PIMS), not how they actually treat your privacy.
Many companies with questionable privacy practices, like Alibaba, Microsoft, NordVPN, Oracle, Tencent, and Tinder, are ISO 27701 certified. Having a certified system doesn’t prevent bad privacy practices. Also, ISO 27701 (and ISO 27001) aren’t proof of GDPR compliance.
When assesing Here WeGo’s privacy policy, it doesn’t seem to offer any significant privacy advantage over something like Google Maps or Bing Maps.
Are you sure? Just compare the Play Store summaries:
Google Maps → collects pretty much anything it can, though some things are optional, and for many things, including your location, one of the purposes given is “advertising or marketing”
HERE → everything is optional and the only thing used for “advertising or marketing” is the email address if you sign up for an account (which you shouldn’t and don’t need to); location data is only used for “app functionality” i.e. traffic info
Here captures location content such as road networks, buildings, parks and traffic patterns. It then sells or licenses that mapping content, along with map related navigation and location services to other businesses such as Alpine Electronics, Garmin, BMW, Oracle Corporation and Amazon.com. This third-party licensing constitutes the core of the firm’s business.[1] In addition, Here provides platform services to smartphones through Here WeGo app.[2][3] It provides location services through its HERE applications, and also for GIS and government clients and other providers, such as Microsoft Bing (from 2012 through 2020), Meta Platforms, Yahoo! Maps, and the Samsung Gear S2 (and earlier models) maps app.[4][5]
So I’m pretty sure that 100% of their income comes from B2B (business to business) and the Here WeGo app is just offered for free to consumers for brand-building and improving the traffic data. (Note that HERE is owned by a consortium of German automakers so they probably use the same data for their built-in navigation systems.)
It’s similar to Magic Earth (another navigation app) where they say:
What is the business model?
Magic Earth is free for all our end-users but we also have a paid Magic Earth SDK for business partners. For instance Selectric.de (a supplier for navigation solutions for ambulances and fire trucks), Smarter AI (developing ADAS systems) or Absolute Cycling (using the platform on bicycles). For more info on the SDK, you can check magiclane.com.
Indeed, their privacy policy is slightly better to that of Google Maps, as Here WeGo gathers more data in an anonymized manner. However, what I mean to convey is that it still falls significantly short of being truly privacy-conscious in any real sense. So one could just use Google Maps.
if they anonymize the data (even if the location data are not 100% anonymizable) and do not use it for advertising or marketing, I think this would meet the thread model of many users
I think I would much prefer it to use Google Maps Undoubtedly
however, a service like Organic Maps it is preferable because it is Open source and have better anonymity, but obviously lacks important features and updated maps in some areas.
To be clear, while Here WeGo anonymizes some of the data it collects, they still gather a significant amount of identifiable user data, such as account information, usage patterns within the app, and device details. Therefore it is really not to be considered as privacy-friendly.
Critically, while they generally avoid using this personal data for targeted advertising, they do display advertisements based on contextual information, like your current location.
only if you create one, which is quite unnecessary
I don’t think anyone would claim that HERE is the best in terms of privacy, but it is a good balance between usability and privacy. Like, Google Maps is surely the best app overall, but much less private than HERE. And Organic Maps or OSMand are much more private than HERE, but lack some functionality that might be very essential for some. For me it’s the traffic info for example, including live re-routing if the situation changes.
So I would argue for having it listed but in an “additional options” subsection like it’s currently done for some of the instant messengers (link)
If you wish not to share your location with the advertising network, you can choose do so in the app settings under ‘Location-based ads’. If you wish to change your settings related to behaviourally profiled advertising, you can always do so from your device settings. Note that in any case you may still receive ads, but just not profiled.
As for usage patterns and device information so that they don’t use them to track you (but I could be wrong since I gave a quick check to the policy) I think it’s fine at least for me
I don’t think there will ever be a service, at least in the near future, that offers traffic and other useful information like HERE
definitely not to be added to the main section of privacy guide as Regime6045 says, but it seems like an excellent exchange for privacy and usability.