While I am not among them there are friends of mine who are not even okay with Canonical having their information. It is my opinion that this is reasonable to some degree.
If you can bother to keep metadata in the database regarding who set the location then you can afford to have a field regarding whether the user has approved it. and a) not display it until they have approved it and b) delete it if they specifically disapprove it.
The logic should go roughly like this:
someone has set the location of user foo:
is the setter foo? set location, set approved to true, set visible
else:
store location and set approved and visible to false
send an email with links to approve or disapprove the location:
user approves: set approved to true, set visible.
user disapproves: keep approved at false, CLEAR location data, and possibly make it no longer setable.
While I am not among them there are friends of mine who are not even okay with Canonical having their information. It is my opinion that this is reasonable to some degree.
If you can bother to keep metadata in the database regarding who set the location then you can afford to have a field regarding whether the user has approved it. and a) not display it until they have approved it and b) delete it if they specifically disapprove it.
The logic should go roughly like this:
someone has set the location of user foo:
is the setter foo? set location, set approved to true, set visible
else:
store location and set approved and visible to false
send an email with links to approve or disapprove the location:
user approves: set approved to true, set visible.
user disapproves: keep approved at false, CLEAR location data, and possibly make it no longer setable.