Journalists in Europe found it was “easy” to spy on top European Union officials using commercially obtained location histories sold by data brokers, despite the continent having some of the strongest data protection laws in the world.

EU officials said they’re “concerned” about the trade of citizen and officials’ mobile phone location data, and have issued new guidance to staff to counter the tracking, according to a report by Netzpolitik.

A coalition of reporters obtained the dataset, offered as a free sample from a data broker, containing 278 million location data points from the phones of millions of people around Belgium. Much of the location data is uploaded by ordinary apps installed on a person’s phones, which is sold to data brokers. Those data brokers then sell that data to governments and militaries. 

The dataset also included the granular location histories of Europe’s top officials, including those who work directly for the European Commission, which has its headquarters in Brussels. 

The reporters said they were able to identify hundreds of devices belonging to people who work in sensitive areas around the EU, including 2,000 location markers from 264 officials’ devices, and around 5,800 location markers from more than 750 devices in the European Parliament.

Europe has some of the strongest data protection rules in the world with its GDPR law. However, watchdogs and officials across Europe have been slow to take stronger enforcement action against data brokers, Netpolitik reported. Data brokering has ballooned to become a billion-dollar industry involving the sale and trade of people’s location data and other private information.

To counter some of this location tracking, Apple customers can anonymize their device identifiers, and Android owners can regularly reset their device’s identifier.

Last year, a data broker called Gravy Analytics had a data breach that exposed the location data belonging to tens of millions of people, including where they have been, live, and work. Researchers examining the data said the location records could be used to extensively track people’s recent whereabouts.