Who Owns the Map: Data Sovereignty is Required to Protect Democracy

By Bennett Iorio & Brent van der Heiden

GIEF in collaboration with MapAtlas

The maps in this piece are interactive. Readers can consult 'Methodology' for further information on sources and construction, and toggle between Globe and Flat views to change the projection.

If you are viewing this on a mobile device and experiencing issues with the maps, try refreshing the page.

Mapping is a Political Act

From the earliest cadastral surveys to modern digital navigation platforms, mapping has always functioned as an instrument of governance, for good or ill. To be mapped is to be, in a sense, “legible” or “real” to society and government:Ttaxable, governable, serviceable, securable. Roads that exist on a map are roads that can be maintained, policed, or targeted for investment; settlements that do not appear are often excluded from formal service provision, emergency response, or political consideration. In this sense, maps actively participate in the political and economic organisation of territory. The boundary between “what exists” and “what does not” is frequently drawn cartographically, with material consequences for populations and institutions alike.

For most of modern history, authoritative maps were produced by states or empires as part of their administrative and military apparatus. National mapping agencies, censuses, and land registries underpinned sovereignty by fixing borders, standardising place names, and enabling bureaucratic control at scale. We live, obviously, in a period of change; over the last two decades, this role has increasingly migrated to private technology platforms. A handful of firms like Google and Apple now function as de facto arbiters of spatial reality for billions, determining which roads, administrative boundaries, points of interest, and even place names appear in everyday navigation, search, and planning tools. Acute coverage gaps in these systems remain, of course: Commercial high-resolution satellite imagery covers less than 60% of the globe regularly (Google, 2024), leaving about 40% - predominantly in the Global South - without consistent or detailed capture, while informal settlements and rural areas often remain unmapped or outdated by years, excluding populations equivalent to over 1 billion people in slum-like conditions from accurate representation in proprietary datasets (United Nations, 2023). This creates structural dependencies on opaque, externally controlled data pipelines that lack local accountability or democratic oversight (Herfort, 2020). At the same time, these systems do more than represent space; they increasingly record and mediate how it is used. The map is no longer only a static description of territory, but an evolving record of movement, behaviour, and interaction. Control over that layer is therefore not just cartographic. It is social, economic, and political.

Yet the tech giants do not have a monopoly on spatial data. Recent advances in cryptography, distributed systems, and incentive design have enabled a different model of spatial data production: Decentralized mapping networks built from verified user contributions rather than centralised data pipelines. These systems lower the barrier for local knowledge to enter the spatial record while attempting to preserve data integrity through provenance, reputation, and consensus mechanisms. Unlike traditional crowdsourcing, which often feeds proprietary platforms, decentralized models are explicitly concerned with who owns the data, how contributions are validated, and how trust is established without a single institutional gatekeeper. This represents a structural shift in how “ground truth” can be produced and maintained (Herfort et al., 2021). This shift does not simply increase participation; it redistributes the capacity to generate and define spatial reality itself.

Why does that matter? As spatial-data production fragments and diversifies, the public and private institutions alike that depend on accurate maps - governments, courts, regulators, emergency services, humanitarian actors, and planners (even consumers, shoppers, citizens finding local businesses) - confront both opportunity and structural risk. The central question is no longer who produces the map, but who ultimately owns and controls the data from which it is derived.

Map 1: Coverage Asymmetry: HDI as a proxy for tasking demand. This map renders the UN Human Development Index (HDI 2022) per country. HDI is shown here as a proxy because commercial-satellite tasking demand and OpenStreetMap editing density both correlate strongly with HDI.

So, there is power and potential here: Decentralized mapping can enhance institutional capacity by closing coverage gaps, accelerating correction cycles, and enabling civic participation in the production of “ground truth.” Famously, during the 2010 Haiti earthquake - as an example - incomplete and outdated maps of informal settlements and infrastructure delayed aid coordination and response efforts, contributing to operational inefficiencies until crowdsourced updates filled critical gaps (Zook, 2010). A further example points optimistically in the same direction. Following the 2023 earthquakes in Turkey and Syria, the Humanitarian OpenStreetMap Team activated a major mapping response within hours, coordinating thousands of remote volunteers to update road networks, building footprints, and access routes in affected areas. Turkish and Syrian local contributors played a seminal role, with on-the-ground knowledge accelerating the accuracy of updates in ways that remote mapping alone could not achieve. The result was a living dataset that emergency responders could draw on as conditions changed, and lives were literally saved; a practical demonstration of what bottom-up, citizen-led spatial data can accomplish when the governance conditions support it. 

Yet it can also introduce new risks - competing spatial claims in contested territories, divergent verification standards leading to epistemic fragmentation, and ambiguity over authoritative sources during crises. For example, in disputed territories such as Northern Cyprus, Kashmir, and Crimea, crowdsourced edits in OpenStreetMap have led to persistent edit wars over place names, boundaries, and labels, resulting in conflicting spatial claims and fragmented representations that require special governance policies to arbitrate - potentially confusing humanitarian or planning actors reliant on the data (EthicalGeo, 2022), and, conceptually, robbing inhabitants of these places of clear access and understanding to increasingly fundamental technology reliably.

What is now emerging is not simply a more open mapping ecosystem, but a contested transition in the ownership of spatial data itself. Production of data is shifting away from states and platform monopolies - but it is not yet clear where it will settle. Without deliberate governance, decentralisation risks reproducing the same concentration of power it seeks to displace, or fragmenting the informational basis on which institutions depend. With the right structures, it offers a different path: one in which citizens retain meaningful control over the data they generate, and in doing so, strengthen the foundations of democratic governance.

The question is therefore not whether decentralized mapping is inherently stabilizing or destabilizing, or indeed even “good” or “bad”, but - if our aim is to create positive conditions for civil society, democracy, vibrant and flourishing human life - under what governance conditions it reinforces institutional trust and coherent decision-making rather than eroding it. Understanding this balance is essential for any serious discussion of data sovereignty and democratic resilience in the digital age. At stake is not simply the accuracy of maps, but the ownership of the informational layer through which modern societies understand and govern themselves.

Spatial data exists as an underpin to a wide range of institutional functions that democracies and civil societies depend on but rarely consider in the foreground. It informs how resources are allocated, how jurisdiction is asserted, how emergencies are managed, and how populations are rendered visible to the state. Where spatial records are incomplete, inconsistent or contested, institutional action becomes uneven and harder to justify, and certainty decreases - trust with it. Over time, these gaps tend to map onto existing social and geographic marginalization, reinforcing patterns of exclusion and weakening the credibility of public authority in precisely those contexts where trust is already fragile.

Systems that expand visibility and accelerate correction can strengthen administrative capacity; systems that multiply competing representations without shared governance can just as easily undermine coordination and decision-making. The implications are therefore structurally relevant to our democratic societies; this is how democracies absorb and engage effectively with new sources of “ground truth” about their own societies and institutions. The trajectory is already set. The remaining question is whether that trajectory leads toward citizen ownership and democratic resilience, or toward deeper dependence on systems that are more comprehensive, but less accountable.

How Decentralized Spatial Networks Work

Of course, if decentralized spatial data is to be used for planning and coordination, it has to be produced in a form that can be checked and revisited. That requirement sits underneath everything else.

So, the practical problem, then, is not generating more spatial data; that is already happening at enormous scale. OpenStreetMap alone now has more than 10 million registered users and around 2.25 million distinct contributors recorded in its database statistics, which gives some sense of how far distributed mapping has already moved into the mainstream (OpenStreetMap, 2025). The harder problem is turning distributed observations into something stable enough to support planning, logistics, emergency response, or public administration.

Most mapping systems solve that by controlling the pipeline. Data is collected, processed, validated, and released through an institution or platform that decides what counts. OpenStreetMap loosened that model dramatically, but it still depends on editorial norms, sustained volunteer attention, and community enforcement to keep the dataset coherent over time. That has worked remarkably well in many contexts. During the 2010 Haiti earthquake response, more than 600 remote volunteers built a base-layer map for Haiti in roughly three weeks, almost from scratch, and that work became materially useful to humanitarian actors operating in a fast-moving and data-poor environment (Soden & Palen, 2014). 

What is now emerging goes a step further. In newer decentralised spatial systems, a contribution is not only an edit to a map. It is a record that carries provenance: Where it came from, when it was generated, and how it might be checked against other observations. In geospatial-data research, blockchain-based approaches are being explored precisely because they can improve traceability, integrity, and transparency in geospatial data sharing (Chafiq et al, 2024), while geospatial cryptography has developed around a related problem: How to secure geographically referenced data without making it unusable (Jacquez et al, 2017). The technical point is thus straightforward: Trust no longer sits only in the curator of the dataset. More of it is pushed into the structure and history of the data itself.  As previously discussed, this matters most where existing maps lag badly behind lived reality. According to the UN’s 2024 SDG reporting, 1.12 billion people were living in slums or informal settlements in 2022 (UN Statistics Division, 2024), and the share of the urban population living in such conditions rose to 24.8 per cent. Herfort et al. show the same asymmetry in mapping terms: Despite a decade of humanitarian effort, regions with low and medium human development were home to 46 per cent of the global population but accounted for only 28 per cent of buildings and 16 per cent of roads mapped in OpenStreetMap during the period studied (Hertfort et al, 2021). In other words, the places where current, granular mapping is often most needed are still structurally underrepresented. 

The technical architecture of these systems typically rests on three layers: A contribution layer, where observations are submitted with attached provenance metadata; a consensus layer, where conflicting inputs are adjudicated through reputation-weighted or cryptographic mechanisms; and a publication layer, where validated data is exposed via open APIs to downstream institutional users. Each layer introduces distinct attack surfaces and governance requirements. A contribution layer with weak identity verification is vulnerable to Sybil attacks, in which a single actor floods the network with fabricated observations to shift the spatial record; Wang et al. demonstrated that a single Sybil device operating against a real-time crowdsourced mapping platform could generate false spatial data at scale and track individual users without detection, using only modest computational resources (Wang et al, 2018). A consensus layer controlled by a small number of high-reputation nodes risks reproducing the centralisation it was designed to avoid.

Map 2: OSM Contributor Density. Choropleth of monthly-active OpenStreetMap mappers per million population. Per-country mapper counts in this map are estimates derived from public OSMstats/Pascal Neis dashboards; treated as relative density, not exact figures.

A decentralised system is useful in this setting because it shortens the distance between observation and representation. Secondary roads, informal development, local commerce, damaged infrastructure, temporary closures: These are exactly the kinds of features that centralised systems often absorb slowly, if at all. A network built around continuous local input can reduce that lag. But the gain is only real if the system can resolve conflicts and weight evidence well. Data volume on its own does not produce reliability. It is easy to imagine a network that captures thousands of observations and still fails to converge on a usable representation of reality.

That is the live issue. Whether distributed inputs can be reconciled into a coherent spatial record that actors outside the network - municipalities, emergency responders, infrastructure planners, regulators - are willing to treat as dependable. The technical architecture matters because it determines whether decentralisation produces a more current and locally grounded map, or just a “noisier” one. 

This raises a question that the literature on decentralised mapping often skirts: what does ownership actually look like at the limits? If a system is 100 per cent decentralised, with no central host, no incorporated entity, no editorial body, then who owns the dataset, who pays for the storage and bandwidth that keep it accessible, and who is accountable when something is wrong? The honest answer is that pure decentralisation, in this strong sense, is rare in practice and difficult to sustain. Even systems described as fully decentralised typically rely on a small number of pinning services, hosted nodes, or foundation-supported infrastructure to remain usable; the BitTorrent network depends on tracker and DHT infrastructure, IPFS content remains available only as long as someone pins it, and Bitcoin, often held up as the canonical decentralised system, still depends on a concentrated set of mining pools and core developers to function. OpenStreetMap itself, frequently described as community-owned, is in fact hosted and stewarded by the OpenStreetMap Foundation, which carries legal responsibility for the database, runs the servers, and arbitrates disputes through a working group structure. 

The lesson from these adjacent systems is fairly consistent: Workable, or practical, decentralisation is not the absence of institutions per se, but the presence of lightweight, accountable, non-draconian ones. A spatial data network that aspires to function at the scale of public administration needs someone, or some clearly defined body, that can be served with a legal notice, that can correct a verifiably false record, that can patch a security flaw, and that can be held to account when verification mechanisms fail. The realistic target is therefore not maximal decentralisation, but a calibrated mix: contribution and ownership distributed at the edge, verification distributed across nodes with transparent rules, and a thin layer of institutional stewardship - foundations, standards bodies, or public-interest trusts - that holds defined responsibilities for hosting, dispute resolution, and legal interface. Where on that spectrum a given system sits is itself a governance choice, and one that should be made explicitly rather than allowed to settle by default.

Data Sovereignty and Democratic Ownership

As we can see, control over spatial data is already moving. It has been moving for some time - away from state cartography and into platform monopolies that now mediate how territory is seen, navigated, and acted upon. Decentralized systems add a further shift. The center of gravity is no longer singular. Data is generated at the edge, by individuals moving through and interacting with their environment.

Yet the direction of movement should not be confused with its destination.

There is no automatic mechanism by which decentralization returns control to citizens. Data can be generated locally and still be aggregated, structured, and exploited elsewhere. That pattern is already well established across digital systems, where participation is distributed but control remains concentrated (Couldry and Mejias, 2019). Spatial data follows the same logic unless deliberately structured otherwise.

This is the point at which the question becomes a political one: Who owns the map?

Not in an abstract or philosophical sense, but in operational terms. Who determines what is recorded, how it is verified, how conflicts are resolved, and how that information is used in decisions that affect real places and real people. These are not secondary questions. They determine whether decentralisation redistributes power or simply alters how data is collected before it is re-centralised.

Technically speaking, meaningful data sovereignty requires that individuals hold cryptographic keys to their own contributions - so that data cannot be extracted, re-attributed, or deleted without their participation. Self-sovereign identity frameworks, such as those built on W3C Decentralized Identifiers (DIDs) and Verifiable Credentials, provide one architecture for this: a contributor can prove authorship of a spatial observation without exposing personally identifying information to the platform aggregating it (W3C, 2022). Zero-knowledge proofs extend this further, allowing verification of data properties - that an observation was made within a given area, at a given time, by a verified contributor - without revealing the underlying data itself; recent research at the Technical University of Munich has demonstrated that such proofs can be generated for location data in under 0.3 seconds, making them viable for real-world deployment (Ernstberger et al., 2025). These are not experimental concepts; self-sovereign identity is already in production in adjacent domains: Under eIDAS 2.0, EU member states are required to provide citizens with digital identity wallets built on cryptographic credential standards, with full rollout expected by 2026 (European Commission, 2024).

So, if ownership remains external - whether in state institutions or corporate platforms - then decentralisation does not change the underlying structure. It increases data volume without changing authority. Citizens contribute, but do not control. Their environments are recorded, but not governed by them. In a sense, this is even worse than authoritarian government control of through the usual institutions of cartography, censuses, etc.; because the system has the potential to be so much more complete, and under the wrong conditions, so much more invasive.

The Orwellian Hypersurveillance Alternative

There is nothing hypothetical about the abuse case; it is in fact happening now, though not ubiquitously.

The contemporary smartphone ecosystem already produces a level of spatial visibility that older institutions of census, cadastre, and police record could never dream of achieving. It is continuous, ambient, and behavioural. It does not merely show where a road is, or where a boundary runs. It shows where people sleep, worship, seek medical care, protest, organise, travel, and return. That is why ownership matters.

It is trite to say that our phones are ‘spying on us’; even if it is certainly true. It is more useful to say that our societal habits of data usage are revealing information and patterns about us that are so complex and data-rich that ‘spies’ are hardly needed at all. 

The corporate side of this is already well documented. In 2018, an Associated Press investigation, confirmed by researchers at Princeton, found that Google services stored users’ location data even when users had turned off a setting labelled “Location History” (AP, 2018). In 2022, forty US states reached a $391.5 million settlement with Google over misleading location-tracking practices, stating that Google had misled users about how location data was collected and used (North Carolina Department of Justice, 2022). This was not an edge case or a technical misunderstanding. It was a major privacy settlement centred on the basic question of whether people had meaningful control over their own movements.

The wider market is worse. The New York Times reported that at least 75 companies were receiving precise location data from apps, and that several claimed to track as many as 200 million mobile devices in the United States. Using one internal dataset covering more than 1.2 million phones, Times reporters were able to observe devices visiting Planned Parenthood clinics, houses of worship, and other sensitive locations (The New York Times, 2018). The point is not just that location data is collected. It is that supposedly “anonymous” location trails are rich enough to reconstruct private life at frightening resolution. Academic work has made the same point for years: in a dataset of 1.5 million people, four spatio-temporal points were enough to uniquely identify 95 per cent of individuals (de Montjoye et al., 2013).

That is the commercial baseline. The state-access problem follows naturally from it, and enters genuinely Orwellian territory.

US courts and regulators have already been dealing with the consequences. In Carpenter v. United States, the Supreme Court held that the government generally needs a warrant to obtain historical cell-site location information, recognizing the extraordinary sensitivity of movement data (US Supreme Court, 2018). But the data-broker route created a way around older constitutional assumptions. In 2024 and 2025, the White House and Department of Justice moved to restrict transfers of bulk sensitive personal data in part because such data could be used to track journalists, activists, dissidents, political figures, and members of marginalised communities, and to enable blackmail, espionage, or repression (White House, 2024; US Department of Justice, 2025). That language is blunt because the risk is blunt.

The enforcement record is equally revealing. In 2024, the FTC prohibited X-Mode/Outlogic from selling sensitive location data that could be used to track visits to medical and reproductive-health clinics, places of worship, and domestic-abuse shelters. It also prohibited InMarket from selling or licensing precise location data after alleging that consumers had not been properly informed and had not meaningfully consented. Later the same year, the FTC acted against Mobilewalla, and separately against Gravy Analytics and Venntel, over the sale of sensitive location data tied to health locations, churches, labor unions, and military sites (FTC, 2024a; FTC, 2024b; FTC, 2024c; FTC, 2024d). This is not a speculative future in which location data might be misused. Regulators are already describing a market in which it has been misused repeatedly.

The law-enforcement dimension is no less serious. Geofence warrants require a provider, usually Google, to search through its stored location data for every device that happened to be within a defined area during a set period. In 2024, the Fifth Circuit held that geofence warrants were categorically unconstitutional. The court noted that, for every geofence warrant Google responds to, it must search its entire Sensorvault repository - described in the case as containing 592 million accounts - to identify responsive users (US v. Smith, 2024). Whatever one thinks of the doctrinal line, the practical reality is clear enough: once a private actor holds a sufficiently large location archive, the temptation to use it as a dragnet is immense.

Nor is this confined to ordinary policing, of course. Reporting by Motherboard in 2020 found that location data drawn from ordinary mobile apps was reaching the US military through intermediaries, including data linked to a Muslim prayer app that had tens of millions of downloads (Cox, 2020). This matters because it shows how quickly location data collected for banal commercial reasons can migrate into intelligence and security use. The chain from convenience to surveillance is shorter than most people assume.

Put all of this together and the nightmare scenario is not difficult to describe. A society in which location data is continuously generated by citizens, extracted by corporations, sold through brokers, purchased by state agencies, queried through dragnet-style tools, and rendered legible enough to identify political meetings, union activity, religious observance, reproductive-health visits, protest attendance, military patterns, or the routines of specific individuals. It is a system of pervasive spatial exposure. Its value to advertisers is obvious. Its value to an authoritarian state, or to any state under stress and tempted by repression, is greater still.

In the United States, the expansion of location-data collection has been met with increasing legal and regulatory resistance. The Supreme Court’s decision in Carpenter v. United States established that access to historical location data generally requires a warrant, recognising the sensitivity of continuous movement tracking (US Supreme Court, 2018). More recently, courts have begun to push back against bulk location queries. In 2024, the Fifth Circuit held geofence warrants unconstitutional, noting that such requests require providers to search through vast repositories of location data to identify all devices within a defined area (US v. Smith, 2024). Regulatory action has followed a similar direction. The Federal Trade Commission has moved to restrict the sale of sensitive location data by brokers, particularly where it enables tracking of individuals to medical facilities, places of worship, or other protected locations (FTC, 2024a; FTC, 2024b). The capability is present, but it is being contested.

The European Union has taken a more structured approach. Under the General Data Protection Regulation (GDPR), location data is treated as personal data where it can be linked to an individual, imposing requirements around consent, purpose limitation, and minimisation (European Parliament and Council, 2016). Enforcement remains uneven, but the framework reflects an attempt to impose legal boundaries on how spatial data can be collected and used. The direction, again, is towards constraint.

China unfortunately presents the opposite case.

The capacity to collect and integrate spatial data has not been limited; it has been scaled. Location data, facial recognition, digital payments, telecommunications records, and platform activity are combined within a broader surveillance architecture that operates at population scale. Elements commonly grouped under the “social credit system” are not a single unified score but a set of interlinked mechanisms that monitor behaviour, enforce compliance, and restrict activity, driven in significant part by the spatial data of Chinese citizens. These systems have already been used to limit travel, access to services, and economic participation for individuals deemed non-compliant, including through blacklists that restrict the purchase of train and airline tickets (Creemers, 2018; Liang et al., 2018; Kenderdine, 2017).

Spatial data sits at the centre of this. It allows the state not only to know where individuals are, but to infer patterns of association, movement, and behaviour over time. Combined with ubiquitous mobile payment systems and large-scale video surveillance networks - China operates hundreds of millions of cameras nationwide - this produces a level of visibility that is both continuous and actionable (Mozur, 2018; Dai, 2022). The system does not rely on episodic access to spatial data; it is built to operate on it continuously (see map below).

Map 3: Geofence Warrants & Broker Rules. Categorical map of regulatory family for geofence warrants and commercial location-data brokering.

This is not a future risk. It is a present capability, deployed daily, at the scale of a billion people.

These are not separate paths that will converge naturally. They reflect different political choices about how spatial data is governed. The same technical capacity can be constrained, contested, or embedded into systems of control. What is currently missing at the global level is a stable model for ensuring that the expansion of spatial data strengthens democratic systems rather than undermining them.

This is why the destination of decentralisation matters so much. A more distributed map is not inherently a freer one. If the data layer remains externally owned, decentralisation can furnish a more complete and invasive surveillance architecture than older state systems ever possessed. The case for citizen-owned spatial data is therefore not sentimental and not anti-state. It is constitutional, civic, and democratic. Citizens need meaningful control over the data they generate because no democratic society should allow the most intimate record of collective movement and association to be held entirely by corporations, or made quietly available to governments, without strict limits, public accountability, and enforceable rights. That is the imperative.

The Imperative for Data Sovereignty

A different outcome is possible.

Where individuals retain meaningful control over the data they generate - where provenance is preserved, where access is not exclusively mediated by a central actor, and where systems are designed to allow participation without surrendering ownership - the relationship between citizens and spatial data changes. The map is no longer something produced about them. It becomes something produced with them, and, in part, by them.

This has direct implications for democratic resilience. Modern governance depends on shared representations of reality. Infrastructure, services, and security are all coordinated through spatial data. When that layer is controlled externally, trust in it becomes contingent. Where it is incomplete or opaque, decision-making becomes harder to justify and easier to contest. Where it is contested, coordination degrades.

Giving citizens a stake in the production and ownership of spatial data does not eliminate these problems; but it will change the structure within which they are managed. It introduces additional sources of verification, reduces dependence on single points of control, and creates a closer link between lived conditions and their representation.

Map 4: Spatial Data Flow. Citizen-generated location data passes through five chokepoints. Ownership rights typically dissolve at stage 2 (SDK terms of service).

This link matters most where institutions are weakest and/or least trusted. In regions where official mapping is incomplete or slow to update, locally generated data can fill operational gaps. The World Bank has repeatedly identified the absence of reliable geospatial data as a constraint on infrastructure planning, land administration, and service delivery across large parts of the developing world (World Bank, 2021). The issue is not simply data scarcity. It is who controls the data that does exist (see map below).

Map 5: The Mapped & the Unmapped. Live Overpass API fetch of OSM building footprints. 3D HexagonLayer aggregates density - taller / hotter hexagons = more mapped buildings.

Decentralised mapping provides a route to address that, but only under specific conditions. Data must remain attributable without becoming extractive. Verification must converge without reverting to opaque gatekeeping. Systems must be interoperable with institutional decision-making without being absorbed entirely into it.

Without those conditions, decentralization produces fragmentation or re-centralisation under a different guise.

With them, it could create a different foundation. One in which spatial data is not exclusively held by states or corporations, but is partially owned, generated, and verified by the people who live within the spaces it describes.

How We Protect Our Democracies

If spatial data is becoming a foundational layer of governance, then its ownership and control cannot be left to drift between platform monopolies, fragmented decentralised systems, and state access pathways that were not designed for this level of visibility. The question is no longer whether these systems will exist. It is how they will be structured.

The starting point is straightforward. Spatial data generated by individuals should, as a default, be treated as data over which they retain meaningful rights. Not absolute control in every instance, but a baseline of ownership that constrains how it can be aggregated, transferred, and used. Without this, decentralisation changes the method of collection while leaving the underlying power structure intact.

This is not a novel principle. Data protection regimes already recognise elements of it. Under GDPR, personal data - of which location data is a core subset - is subject to rights of access, erasure, and restriction of processing (European Parliament and Council, 2016). What is missing is extension and enforcement in the context of continuous, high-resolution spatial data. The current frameworks were not built for systems that generate persistent, fine-grained records of movement at scale.

A workable governance model for decentralised spatial data needs to address three interlocking problems: ownership, verification, and access.

Ownership must be more than nominal. It requires that individuals retain control over whether their data is contributed to shared systems, how it is attributed, and under what conditions it can be reused. This implies limits on secondary use, particularly where data can be repurposed for surveillance or behavioural profiling. It also implies portability. Individuals should be able to withdraw or redirect their data without losing access to the services built on top of it. Without this, ownership collapses into a formal right with little practical effect.

Verification must converge, yet without centralising. The technical problem of this is very well understood: Distributed inputs need to resolve into a coherent dataset. Yet the governance problem is less developed. Tricky questions to wrangle with are: Who defines the standards by which data is accepted or rejected? How are disputes handled when observations conflict? What prevents manipulation at scale? These are not purely technical questions. They require institutional answers.

There are existing models to draw from. Open standards bodies, such as the Open Geospatial Consortium, provide a precedent for defining interoperable frameworks that are not controlled by a single actor. In other domains, independent auditing mechanisms are used to verify system integrity without exposing underlying data. A similar approach can be applied here: verification protocols that are transparent, enforceable, and subject to external oversight, without requiring a single central authority to control the dataset.

In practice, this may mean that verification protocols should be defined in open specifications, for example with reference implementations published under open-source licences, and subject to independent audit on a regular cycle. Smart contract-based arbitration - in which dispute resolution logic is encoded transparently and executed automatically when defined thresholds are met - offers one mechanism for handling conflicting observations without requiring a human gatekeeper; blockchain-based dispute resolution platforms have demonstrated this approach in commercial contexts, and the underlying governance logic is directly applicable to geospatial data conflicts (Allen, Lane and Poblet, 2020). The governance question is who writes those contracts initially, and under what accountability structures; that is a political problem as much as a technical one, and it should be treated as such.

Access is the third axis, and the most politically sensitive. Spatial data has legitimate public uses. Governments need it for infrastructure, planning, emergency response, and security. The question is not whether access should exist, but how it is structured.

The current model is often indirect. Governments access data through platforms or brokers, sometimes with limited transparency and weak accountability. This creates two problems. It obscures the relationship between data generation and state use, and it encourages the accumulation of large, privately held datasets that can be queried in ways that bypass traditional safeguards.

A more stable model would separate access from ownership. Governments should be able to access spatial data under defined legal frameworks - warrants, statutory powers, or emergency provisions - but not through persistent, unrestricted access to privately held data reservoirs. The distinction is critical: Access should be conditional, specific, and auditable, with oversight. Ownership should remain distributed.

The tension between individual data ownership and legitimate public need - particularly in emergencies - is real, but it is resolvable by design rather than by exception. Technically, this separation can be enforced through tiered access architectures. For example: A base layer of citizen-owned spatial data remains fully under contributor control. A derived layer - anonymised, aggregated, and stripped of individual provenance - could be made available to public institutions under statutory frameworks with defined retention limits. Emergency access protocols thus can be pre-defined, with automatic “sunset” clauses and mandatory post-hoc audit, so that crisis use does not silently become a sort of permanent access. Federated data architectures, in which queries are executed against distributed data stores without centralising the underlying records, provide a well-established technical model for enabling institutional use without requiring data to be surrendered to a single repository; this approach has already been deployed in healthcare and financial regulation precisely to balance access with sovereignty; see Lifebit (Lifebit, 2025).

There is also a structural requirement that is often overlooked: Interoperability. Decentralised systems that cannot interface with institutional decision-making processes will remain marginal. At the same time, systems that are too tightly integrated risk being absorbed into existing power structures. The objective is controlled interoperability. Data can flow into public systems where necessary, but the underlying ownership and verification mechanisms are not overridden in the process.

This is not only a question of regulation; it is also a question of infrastructure.

If citizen-owned spatial data is to function as a meaningful alternative, it needs technical systems that support it. That includes secure identity layers that allow attribution without exposing individuals unnecessarily, storage architectures that prevent unilateral extraction, and incentive structures that reward accurate contribution and verification rather than volume. These systems will not emerge spontaneously at scale without investment. They require deliberate support, both public and private.

There is precedent for treating critical digital systems as public-interest infrastructure. The internet itself, GPS, and large parts of the open-source ecosystem were built through a combination of state support, academic research, and coordinated governance. Spatial data is now moving into the same category. It underpins too many functions to be treated as an incidental byproduct of commercial platforms.

The alternative is already visible. A fragmented landscape in which data is generated everywhere, owned nowhere by those who produce it, aggregated into large reservoirs by a small number of actors, and accessed by states through pathways that are difficult to scrutinise. That system is efficient in the narrow sense. It is not resilient, and it is not aligned with democratic principles.

A different outcome requires intervention.

Policy Recommendations

There are serious variances across the globe on existing and proposed geospatial data policies, from the comprehensive frameworks of the GDPR family to jurisdictions where no enforceable standard exists at all. The map below illustrates the scale of that divergence. What it perhaps cannot fully convey is the consequence: that the same data infrastructure - the same brokers, the same aggregation pipelines, the same surveillance-grade location archives - operates across all of these contexts simultaneously, while the legal constraints on it vary enormously depending on where a user happens to be located. Citizens in jurisdictions without meaningful protections are not simply under-regulated; they are, in practical terms, actively exposed.

Map 6: Governance Gap. Categorical map of national privacy-law status. UNCTAD's tracker reports 137 of 194 surveyed nations have privacy legislation; the categories below distinguish whether that law extends to high-resolution location data.

Regardless of the differences in existing frameworks, the technical substrate they are trying to govern is identical everywhere: continuous, high-resolution, behavioural location data generated at population scale, moving through the same global broker markets, and accessible to state actors through the same commercial pathways. That shared reality imposes a common logic on what effective governance must achieve. Five policy recommendations follow:

First, legal frameworks need to be extended to explicitly cover high-resolution spatial data as a protected category, with clear limits on collection, retention, and transfer. Existing data protection laws provide a foundation, but they are not sufficient on their own.

In particular, legislation could specify that continuous location data collected at sub-50-metre resolution over periods exceeding 24 hours constitutes high-sensitivity personal data by default, triggering enhanced consent, retention, and transfer restrictions regardless of whether it is nominally anonymised; the academic literature has established that as few as four spatio-temporal data points are sufficient to uniquely re-identify 95% of individuals in a large location dataset, rendering conventional anonymisation inadequate at this resolution (de Montjoye et al., 2013).

Second, standards and frameworks for decentralised spatial data systems need to be defined and adopted. These should cover provenance, verification, interoperability, and auditability. Without common standards, fragmentation is likely.

A viable starting point is extending the Open Geospatial Consortium's existing standards work to include provenance and contributor-rights specifications, with mandatory conformance testing as a condition of public-sector procurement (Open Geospatial Consortium, 2023).

Third, funding and institutional support should be directed toward the development of citizen-aligned spatial data infrastructure. This includes open protocols, privacy-preserving technologies, and governance mechanisms that embed accountability from the outset. 

There is a clear precedent for this kind of public investment in digital commons. The internet, GPS, and large parts of the open-source software stack were built through combinations of state funding, academic research, and coordinated standards governance; not left to emerge from commercial competition alone. Germany's Sovereign Tech Fund, established in 2022, provides a direct contemporary model: it directs public funding specifically toward the maintenance and security of open-source digital infrastructure on the grounds that critical systems cannot be left dependent on volunteer labour or private incentive structures (Open Forum Europe, 2025). The same logic applies here with particular force, given that the GPS infrastructure underlying virtually all civilian spatial data was itself a publicly funded military programme whose outputs were made available as a global common good (TechPolicy.Press, 2025).

Fourth, constraints on data brokerage and secondary markets for location data need to be strengthened. The repeated enforcement actions by regulators demonstrate that the current model is incompatible with meaningful control over personal data (FTC, 2024a; FTC, 2024b). Restricting these markets is central.

Regulatory sandboxes with mandatory data-minimisation and purpose-limitation requirements should be established to allow innovation in spatial services without permitting the accumulation of surveillance-grade location archives; participation in such sandboxes should be a condition of operating consumer-facing location services above defined scale thresholds, following precedents set by financial services regulators in the UK and EU.

Fifth, there needs to be clarity about the role of the state. Governments should not be excluded from spatial data systems. They are essential actors. But government access must be bounded, transparent, and subject to oversight. The objective is not to remove state capacity, but to align it with democratic norms in an environment where data is far more granular and pervasive than in the past.

Practically, this means codifying a warrant requirement for any bulk spatial query - defined as a query returning location data on more than a defined threshold of individuals within a specified period - and establishing an independent oversight body with the technical capacity to audit state access logs and verify compliance, building on the constitutional principles affirmed in Carpenter v. United States and the subsequent legislative direction of the DOJ's 2025 bulk data rules (US Supreme Court, 2018; US Department of Justice, 2025).

Finally, bottom-up participation in open mapping must be actively supported through societal communication and encouragement, not treated as incidental. The case for data sovereignty is undermined if citizens lack the tools, literacy, and institutional backing to participate meaningfully in producing and governing the spatial data that affects them. 

Practically, this means governments and civil society organisations should invest in digital literacy programmes oriented around spatial data, support community mapping initiatives in under-represented regions, and ensure that open mapping platforms are accessible and genuinely responsive to local contributors. Participation without ownership is insufficient; but ownership without participation is equally hollow. The goal is a spatial data ecosystem in which citizens are not merely the subjects of the map, but active and empowered contributors to it.

The underlying dynamics of spatial data will never reverse. Spatial data will become more detailed, more continuous, and more central to governance, economic life and society. The choice is whether that development reinforces systems of accountability and shared control – freedom, in short - or concentrates power in ways that may be impossible to unwind.

Data sovereignty, in this context, is not an abstract principle, or a minor question for companies and individuals. It will be one of the most direly important mechanisms by which we protect our democracies and societies as a whole from the predations of those that would seek to use information to control and repress us.

References