Users in the EU, EEA, or UK can request access to, correction, or deletion of their personal data, ask Waze to stop processing it in certain circumstances, and complain to their national data protection regulator.
This analysis describes what Waze's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision formally acknowledges the GDPR and UK GDPR rights framework for European and UK users, establishing an avenue for data subjects to exercise statutory rights directly against Waze.
The updated policy now explicitly discloses that Waze periodically collects all phone numbers stored on your device's contact book as part of the 'find friends' feature. According to the revised term…
The updated policy removes explicit language describing how Waze collects phone numbers from device contact books and integrates social network accounts. Previously, the policy stated that Waze would…
The updated privacy policy now explicitly discloses that Waze periodically collects all phone numbers stored in your device's contact book as part of the 'find friends' feature. According to the poli…
EU, EEA, and UK users have legally-grounded rights to access, correct, delete, or restrict the processing of their personal data held by Waze, and can escalate complaints to their national data protection authority if those rights are not honored.
How other platforms handle this
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...
California law gives residents the right to know what personal information we collect, use, share or sell; to delete personal information under certain circumstances; to opt-out of the sale or sharing of their personal information; to correct inaccurate personal information; to limit the use and dis...
Monitoring
Waze has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are located in the European Economic Area or the United Kingdom, you have certain rights under applicable data protection laws, including the right to access, correct, or delete your personal data, the right to object to or restrict processing, and the right to data portability. You may also have the right to lodge a complaint with your local supervisory authority.— Excerpt from Waze's Waze Privacy Policy
1) REGULATORY LANDSCAPE: This provision reflects GDPR Articles 15 through 22 (data subject rights) and their UK GDPR equivalents. Enforcement is primarily by national supervisory authorities within the EU/EEA (coordinated via the EDPB lead authority mechanism) and the UK ICO. Failure to respond to data subject access requests within the required 30-day period (extendable to 90 days in complex cases) constitutes a breach of GDPR obligations and can trigger regulatory complaint procedures. 2) GOVERNANCE EXPOSURE: Medium. The provision acknowledges statutory rights but does not specify the mechanism or timeline for exercising them within the Waze platform; compliance teams should verify that operationally documented request handling procedures (DSARs) exist and meet the statutory response timelines. 3) JURISDICTION FLAGS: EU/EEA and UK users have the strongest statutory rights framework. The right to erasure under GDPR Article 17 may be particularly significant given Waze's collection of precise location and driving history data; however, the policy does not address whether erasure of navigation history is technically complete across all Google-affiliated systems receiving Waze data. 4) CONTRACT AND VENDOR IMPLICATIONS: Waze's obligations to honor data subject rights must extend to data held by processors and joint controllers (including Google); data processing agreements and intra-group data sharing arrangements should confirm that DSAR responses account for all data processing activities across the Google infrastructure. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should ensure that DSAR intake, routing, and response workflows are documented and tested, that response timelines are tracked, and that the erasure process is technically confirmed to include Google-side data stores receiving Waze data where applicable.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision formally acknowledges the GDPR and UK GDPR rights framework for European and UK users, establishing an avenue for data subjects to exercise statutory rights directly against Waze.
EU, EEA, and UK users have legally-grounded rights to access, correct, delete, or restrict the processing of their personal data held by Waze, and can escalate complaints to their national data protection authority if those rights are not honored.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Waze.