The question may be asked: Is there any special data protection or privacy issue associated with locational data? The answer is YES but its explanation must be given indirectly. “Sensitive personal data” is regarded as data that identifies, among others, a person’s ethnic background, religion, political affiliations or sexual habits. However, the location of a person is not considered sensitive personal data. Yet, when processing data on persons, especially when locations are involved, say in terms of visiting synagogues on a regular basis or particular areas of ethnic concentrations, it is arguable that sensitive data are being processed and unintended inferences are being made about a person’s religion or ethnicity (Rowe and McGilligan 2001).

Most geographers will understand location to mean the relative positions of entities in space and time and of events taking place. Locational information describes a person’s or entity’s whereabouts in relation to other known objects or reference points. In this context, tracking is meant the plotting of the trail or sequence of locations within a space that is taken by an entity over a period of time. The “space” within which the entity’s location is tracked can be a physical or a geographical space. However, such a space can also be ‘virtual’ where that person may have had successive interactions in time with different people either simultaneously or at different times.

Data surveillance, abbreviated to dataveillance, is the systematic use of personal data in the investigation or monitoring of actions or communications of one or more persons. Conceptually there may be two separate classes. Personal surveillance is the surveillance of identified persons for various purposes. This may include investigation, monitoring or gathering information to deter particular actions by that person or particular behaviours of that person. Mass surveillance, on the other hand, is the surveillance of large groups of people, again for the purpose of investigation or monitoring and which may aid in the identification of persons of interest that a surveillance organisation has cause for concern (Clarke 1999a).

While geospatial applications based on remote sensing of the earth on regional scales, and the use of GIS in very small scale city planning are relatively well-known, the application of such technologies to home location are less prominent. In general, utility companies may use home location data to track usage of power, gas and water, whereas social security benefit providers and licence administrators may make use of street addresses to tag locations for administrative purposes.

Telecommunication services to the home via the double-twisted copper wire provide home location information to the Public Switched Telephone Network (PSTN) of a phone utility. All phone communications to and from the home address can be recorded, stored, analysed and made available to others. Telephone traffic data may be analysed as call records and have been used for billing and invoicing purposes. The data also give paired locational information of the origin and destination of calls (dyads) that may be analysed for particular information.

More recently home telephone services have facilities such as caller ID, calling line ID (CLI), and calling number display (CND) that give information of a caller, the caller’s phone number, and the time of the call. Caller, line, and number identifications are now generally available and have been used by telecommunication companies, law enforcement agencies and consumers as a means of screening calls.

Australia on Disk (AOD) is a directory of every residential and business phone number in the country. This comprises all 55 national phone directories giving a total of 1.3 million business listings and 6.9 million residential phone numbers in 2005. While there are obvious environmental benefits in not having to produce paper copies of telephone directories, there are equally potent privacy implications not to do so given that a disk containing residential information may be put to other than legitimate uses (Each year in Australia Sensis/Telstra produces about 55,000 tonnes of directories or 18 million sets of Yellow Pages and White Pages of which 80 per cent is recycled. But that still means about 11,000 tonnes go into landfills each year. See Lowe S 1994 ‘Indecent disclosures’, The Sydney Morning Herald, 21 March, p. 47). The information obtained can then be used to individually address letters to be sent out or used in a phone marketing campaign. An additional product, the AOD Mapper presents data and maps with areas of interest colourcoded to show their relative importance. The maps could identify hotspots where the residents are most likely to match particular profiles, for example, the suitbuying yuppie, the private school targeting high-income earners with young families or health insurance companies looking for low risk, single, professionals.31

The tracking of individuals over borders has normally been controlled and monitored at immigration counters by checking and stamping national passports and the use of identity cards. More recently such travel documents have electronic chips embedded in them that permit electronic scanning and automatically provide entry and egress at checkpoints. The data captured may yield patterns of entry and departure of citizens and visitors alike. At a microscale, movements within buildings may be monitored using video surveillance equipment. In combination with video evidence, movement over time and space within buildings, analyses using pattern recognition and/or matching algorithms may yield greater insights to movement patterns of individuals or groups of people and the most trafficked areas. However, while the system may provide greater effectiveness to the security of a particular building, the technology is highly intrusive of the privacy of its users.

In Malaysia, for example, the introduction of the Government Multipurpose Card (GMPC) or MyKad is a standard credit-card-sized plastic token with an embedded microchip. MyKad has been issued progressively since 2001 with the mandatory obligation that everyone in the population 18 years and over should have one. To date, it seems that this is the world’s first national smart card scheme that stores biometric data on an in-built computer chip. The encoding is a copy of the owner’s fingerprints. But there have been niggling misgivings, for example the practice of surrendering identity cards to security guards before entering certain premises or ‘gated’ communities would require close monitoring because of privacy concerns (Idrus 2003).

A layer of privacy protection has been installed with the passing of the Personal Data Protection Act (2002) with safeguards including the appointment of a Data Protection Commissioner. However, the Act has yet to come into full effect on the grounds that it will be a burden to businesses. There are no other safeguards against the abuse and privacy of data for MyKad. In general the Malaysian Constitution does not provide for the protection of privacy (The National Registration Act (1959) provides for the establishment and maintenance of a registry of all persons in Malaysia (s 4) and that every person in Malaysia be registered under the Act (s 5). The Register extends to all residents of Malaysia, including non-citizens who work and reside there). Article 5(1) of the Malaysian Constitution provides the fundamental guarantee that “no person shall be deprived of his life or personal liberty, save in accordance with law”.

In Australia the Hawke government attempted to introduce the Australia Card in the late 1980s but there has been general resistance and outright opposition (see Davies 1996). A health card of sorts was also proposed in Australia which met with strong opposition by the population (see HIC 1985).

Elsewhere in Hong Kong, concerns about information privacy have been raised in terms of the HK Smart Id Card. This was because of the possibility that one card could bring together a comprehensive personal dossier from different sources relating to an individual. (See HK Privacy Commissioner 2000).