The above investigation was supported by me and the University of Toronto's Citizen Lab.

We recently published a massive report on the ad-based mass surveillance system Webloc and its uses in the US, El Salvador and Hungary:
https://mastodon.social/@wchr/116375617333864571

Mecklenburg-Vorpommern LKA did not disclose who they bought from.

Whoever provided the data to LKA Mecklenburg-Vorpommern, the data provider and its suppliers also lack a lawful basis to process and share personal data from mobile apps and digital advertising with German police under the GDPR. I further discussed this here:
https://mastodon.social/@wchr/116403306330427864

Put differently, German police unlawfully used data that was unlawfully processed and shared by many parties from apps to data brokers to surveillance tech firms.

So, it is likely that more than one German state police dept bought ad-based surveillance tech, which typically involves data on millions of people secretly gathered from their phones.

Not a single German state data protection authority (out of 16) sees a lawful basis for the police utilizing this data, according to their statements.

@netzpolitik_feed and Bayerischer Rundfunk sent freedom of information requests and media inquiries to all 16 German state LKAs:

- LKA Mecklenburg-Vorpommern: confirmed the (past) use of advertising data
- LKA Brandenburg: confirmed the use of 'commercial data'
- LKAs in 5 states: we don't use advertising data
- LKAs in 9 states: we won't tell you, neither confirm nor deny

Their letter is quite explicit about Apple, Google and Chrome:

- Both Apple iOS and Google Android were "designed" to "assign a unique tracking number to each smartphone for use by the advertising industry and data brokers".

- Google Chrome, as a web browser that is "designed to facilitate data collection", must be removed from all US military devices.

Here's our 2023 report on how "data about American defense personnel and political leaders flows to foreign states and non-state actors":
https://www.iccl.ie/digital-data/americas-hidden-security-crisis/

In a letter, Wyden and other congress members write that the DoD "has not taken basic steps to protect U.S. military personnel from the serious … threat posed by the collection and sale of personal information". Instead, it has "encouraged the growth of this industry by buying location data" from data brokers:
https://www.documentcloud.org/documents/28168364-ron-wydens-may-28-2026-letter-to-the-department-of-defense/