Comment 26 for bug 262193

While I am not among them there are friends of mine who are not even okay with Canonical having their information. It is my opinion that this is reasonable to some degree.

If you can bother to keep metadata in the database regarding who set the location then you can afford to have a field regarding whether the user has approved it. and a) not display it until they have approved it and b) delete it if they specifically disapprove it.

The logic should go roughly like this:

someone has set the location of user foo:
   is the setter foo? set location, set approved to true, set visible
   else:
       store location and set approved and visible to false
       send an email with links to approve or disapprove the location:
             user approves: set approved to true, set visible.
             user disapproves: keep approved at false, CLEAR location data, and possibly make it no longer setable.