Privacy Law and Policy Reporter
The Ontario Information and Privacy Commissioner’s April 1997 Report on Geographical Information Systems (GIS) is a useful introduction to privacy issues of a significant but under-reported technology. Geographical information systems are software applications which arrange data in accordance with spatial references and visually present the results in the form of a map. These applications have enjoyed a largely unheralded expansion in use over the last few years. Originally developed for large scale public resource management and applied to specialised geographic projects, GIS applications are now making the transition to local administration and routine business uses. Products such as MAPINFO can now be run effectively on the relatively high powered multimedia personal computers which have become the business standard. GIS is now being heavily promoted as a marketing tool for small and medium businesses wishing to target niche markets.
Prior to the Ontario Report, GIS has attracted little formal recognition from privacy experts, although there is already a substantial academic literature exploring various ethical aspects including privacy. In particular there has been intense discussion around the implications for public access when geographic and property information in public records are commercialised to provide basic GIS data. It is no accident that attention has now been directed to these issues by a regulatory authority with both privacy and access responsibilities.
The Report is more of an exploration of issues which are likely to arise in a GIS context than a tightly focussed case study. It is refreshingly free of the kind of negative treatment of technology which characterises some privacy publications. It begins with a balanced and, on the whole, up-beat survey on how public agencies in both Ontario and elsewhere are applying GIS to solve a range of complex resource management and service delivery issues. It concludes with a set of recommendations on how Ontario public sector agencies can use GIS without departing from the spirit of privacy or access legislation. These policy recommendations give significantly more attention to the privacy implications than those relating to access.
GIS applications raise some very pertinent questions about how accepted privacy standards can be made to apply to the information they process. They pose a challenge to regulation which is designed to address problems associated with text-based data referring to identifiable people. It is difficult to apply conventional definitions of personal information to data which, while aggregate in form may be processed in ways which have very specific implications for individuals. For example insurers can use GIS to identify geographically based risk which translates into higher premiums without relying on the identification of individual cases. I was interested to see how the IPC would deal with the challenge which this aspect of GIS presents.
The Report highlights general social issues raised by the widespread use of GIS as well as those which raise recognisable privacy issues. These are treated separately from the specific privacy issues although it is not a watertight separation. The general issues section concludes with a suggestive but ultimately rather non-committal discussion on the issue of whether technology of this nature can be viewed as value free, which leads into a more conventional presentation on the value of information privacy.
The Report seeks to overcome the fact that GIS applications typically do not use personally identifiable information by characterising location as an extremely precise form of personal identification. While this is rhetorically appealing it may not satisfy the more narrow definitions of personal information in existing legislation. Like other ‘multimedia’ applications GIS may force regulators to expand received definitions, to retain the relevance of data protection.
GIS applications gain their richness by their ability to add spatial references to data collected in other contexts (geocoding) and to layer this data onto a base map. One of the more disturbing aspects of this process from a privacy point of view is its application as ‘geodemographics’ to intensive target marketing. A critique of geodemographics by geographers working from the perspective of post-modern surveillance theory sees it as an important tool for integrating individuals at different levels into corporate consumer culture.
The Report notes that it is often necessary to convert hard copy public record information into a digital form to make it accessible for GIS purposes. In the process the potential use of the information expands. It is often very difficult to reconcile the wholesale recycling of information which this process implies with data protection principles which seek to limit the use of information by reference to the purpose for which it is collected. The Report warns against an assumption that more information necessarily leads to better decisions. It stresses the importance of ensuring that privacy protective measures are planned for when systems are designed, rather than attempting to graft them on to already operating systems.
Spatially referenced information is inherently imprecise in that it is almost impossible to establish a precise spatial and temporal correspondence between map references and the real world objects to which they relate. The ‘error problem’ is widely recognised by geographers and designers of GIS software, and a variety of innovative solutions are being worked on to account for it. For many purposes the degree of error does not matter. However the possibility of error in data relating to people challenges the information privacy principle of determining the accuracy of data before use.
Error or imprecision has other implications; it can require expensive pre-processing of data adding significantly to its cost and thereby raising vexed issues of access and equity where public record data is involved. It can produce interpretations of GIS data which are fundamentally misleading. The current imbroglio over the privatised Victorian emergency call service is sometimes cited as an example of the lethal consequences of an inadequate GIS system.
The Report draws attention to these issues and argues that adherence to FOI principles and the data protection emphasis on transparency provide means of addressing them. Subjects’ knowledge of and consent to specific uses of their data is presented as a way of ensuring greater data integrity. This argument seems more convincing when applied to classical legacy database systems of public agencies, than to the multiplicity of data sources which can nowadays be captured in a GIS format.
The Report identifies public/private partnerships for the production and sale of GIS data as an area where data protection legislation confined to the public sector is of limited effectiveness. Within the context of the existing Ontario legislation this reinforces the need for more proactive policies by public agencies to ensure that the privacy aspects are addressed in the planning and publicity associated with GIS projects.
The Report concludes with a useful Privacy Impact Statement for public sector organisations wishing to assess the possible implications of a GIS related project.
The Ontario Report and GIS provide a useful starting point for exploring a new technology with significant privacy implications. Because of the existence of a robust social and ethical critique of GIS among professional geographers, a further exploration of the privacy issues offers an opportunity to expand the discourse on privacy, beyond the somewhat narrow legal and technical parameters which often characterise it.
Reviewed by John Gaudin, Research Officer, NSW Privacy Committee. (firstname.lastname@example.org)
Curry, Michael R, ‘In plain and open view: Geographic Information Systems and the problem of privacy’, 1994, http://www.spatial.maine.edu/relatedpublications.html
Graham, Stephen ‘Surveillant Systems and the City: GIS and Urban Panopticism,’ Conference Paper Abstract, 1996 at http://www.ncgia.ucsb.edu/conf/BALTIMORE/bios.html
Hornery, A ‘Direct marketing: they’re watching you’ Sydney Morning Herald 14 June 1997, p 95.
Monmonier, Mark, How to Lie with Maps, Chicago & London, 1991.
Ontario Information and Privacy Commissioner, Geographical Information Systems, Toronto March 1997 (http://www.ipc.on.ca//web site.eng/whatsnew/whatsnew.htm)
Pickles, J ed, Ground Truth: The Social Implications of Geographical Information Systems, NY, 1995.