EXIF GPS Data: A Privacy Liability for Photographers
How embedded location metadata in photos creates legal and privacy risks for photographers and platforms.
DM
Dave Miller
Contributing Author · Squoosh Next BlogWhen a smartphone camera captures a photo with location services enabled, it embeds GPS coordinates accurate to within 3–10 meters in the EXIF metadata. This data persists through most social media uploads, cloud storage syncs, and file transfers. Publishing a photo taken at your home with GPS metadata intact reveals your home address to anyone with a hex editor or an EXIF viewer application.
For journalists, activists, or abuse survivors, this presents genuine physical safety risks. For businesses, publishing customer photos with GPS data may violate GDPR Article 9 since precise location combined with a person's image constitutes biometric and location data. Social media platforms strip EXIF on upload, but direct image hosting, portfolio sites, and email attachments do not.
Always strip GPS EXIF data before sharing photos outside of private, trusted channels. Squoosh Next strips all EXIF during export by default since re-encoding through Canvas does not preserve metadata.
Key Takeaways
When a smartphone camera captures a photo with location services enabled, it embeds GPS coordinates accurate to within 3–10 meters in the EXIF metadata.
This data persists through most social media uploads, cloud storage syncs, and file transfers.
Publishing a photo taken at your home with GPS metadata intact reveals your home address to anyone with a hex editor or an EXIF viewer application.
For journalists, activists, or abuse survivors, this presents genuine physical safety risks.
Try It in the Workspace
Everything discussed in this article can be tested directly in Squoosh Next — no sign-up, no upload, 100% client-side.