W3C updates geolocation standard for web applications

The World Wide Web Consortium (W3C) has published an updated Recommendation for Geolocation on 24 March 2026, defining how web applications access and use location data from user devices.

The specification provides a standardised web API that allows websites to request geographical location information through a browser. It outlines how applications can obtain a user’s position either as a one-time request or through continuous tracking, using functions such as getCurrentPosition() and watchPosition().

The Recommendation explains that location data may be derived from multiple sources, including GPS, Wi-Fi networks, mobile cell towers, IP addresses, or other system-level signals. It also clarifies that the API returns an estimated position, not necessarily an exact physical location.

A central element of the standard is the requirement for user consent. Browsers must obtain explicit permission before sharing location data with websites. The specification also addresses how user agents should manage permissions, including handling repeated requests and limiting access where appropriate.

The updated Recommendation places emphasis on privacy and security considerations. It highlights risks associated with location tracking, such as profiling or surveillance, and outlines responsibilities for both browsers and developers to minimise data exposure. This includes limiting data retention, requesting only necessary information, and ensuring secure transmission.

The document also provides guidance on error handling and accuracy, specifying how applications should respond when location data is unavailable or imprecise. It defines the structure of location data returned to applications, including coordinates, accuracy levels, and optional metadata such as altitude or speed.