The Ethical Dilemma of
Personal Privacy in GIS
Catherine Kavanagh
Wexford County Council
Personal Privacy in GIS
Who has information about us?
Internet Usage and Technology Changes
Increase in GIS & Effects on Privacy
Data Integration & Geocoding
Organisational Responsibility & Data Protection
Page  2
Who has information about us?
Page  3
Mapping our Location
How many times are is our location and activity
captured during the day
– Receiving or making phone call
– Sending or receiving texts
– CCTV / tolls / travel cards on the way to work
– Id card to access the office
– Flextime system to clock in/out
– Online access during the day
– Using an ATM / laser card / store card
Page  4
What information is being stored?
What use is being made of the information?
Does it erode our privacy?
Can we do anything about it?
Do we want to do anything about it?
Page  5
Personal Privacy & Ethics
The development of computerised information
systems means that privacy is now a matter of the
protection of data about oneself (Curry, M, 1999).
Ethics implies civic responsibility on the part of
citizens and responsibility by society’s institutions,
including governments.
Page  6
Internet Users in Ireland
Page  7
Source –
PC Ownership & Broadband Access
58% 21%
Households with PC
Page  8
74% 65%
Broadband Access
Source –
Disclosure of Personal Data
Social Network Site
Online Shopping
Aware of data collection conditions
Control of Personal Data
Page  9
Attitudes on Data Protection and Electronic identity
in the European Union, June 2011
Changes in Technology
 Affordable computers
 Cost of computing capability
 Accessible broadband
 Cheap / OpenSource software
 Social Networking
 Online & Free Training
 Web apps / Mobile apps
 Web apps / Mobile apps
 Location Based services
 Location Based services
 Smartphones
 Cloud computing
 Telematics
Page  10
Increase in use of GIS
Mobile devices - phones, laptops, ebook readers,
digital cameras, and gaming devices -- are location
Availability of online mapping sites / Streetview /
Location Based Services
Positioning Systems - GPS & IPS
Online data capture / Increased availability of data
Low cost of GIS integration / cost of GIS software
Page  11
GIS & Google
 Google maps
released in 2005
 1.1 million
websites use
Google API to
integrate GIS
functionality into
their website
 40% of Google
map usage from
mobile phone
 200 million users in
Page  12
Location Privacy & Telematics
Location privacy – concerns the claim of individuals
to determine for themselves when, how, and to what
extent location information about them is
communicated to others (Duckham, M. et al, 2006)
Vehicular Telematics
– Fleet management, car navigation, car theft
tracking, vehicle diagnostics, speed monitoring
Personal Telematics
– Protection & safety benefits
Page  13
Smart Phone Usage
 Smart phone ownership at 43% in Ireland in 2012
 41% of smart phone users access mapping or travel apps
 Information that smartphones collect
• What services you use and how you use them
• What search queries you used
• IP address, browser type, language, date and time of
your request, unique cookie id to identify your computer
• Telephony log information such as phone number,
number called, time and date of call, duration
• Location
Page  14
Source Amarach Research
Example - Geotagging
Page  15
Page  16
GIS & Data Integration
Geographic information is factual information about
land and resources
– when matched with other data about individuals
may become personal information
– GIS is a powerful data integrating technology
– Adds value to the data
– Makes data more relevant for analysis and
decision making
Page  17
Census Information – Small Areas
Page  18
Source –
Limitations of Data Integration
Capacity for integration of spatial information and
personal information from multiple sources
Limitations of geocoding in Ireland
– 35% approx of all address are non-unique
– Varying address structures
– Different spellings
– Two languages
– Errors in data entry
Page  19
Geocoding – Benefits & Difficulties
– Centralised address database
– Single view of the customer
– Improve data management
– Improve efficiencies
– Non-unique address
– 39% in Wexford
– Maintain Data Privacy
Page  20
Local Authority Datasets
Applications, Enforcements, Preplanning,
Protected Structures, Dangerous
Rents, Grants, Loans, Applications,
Housing Stock ….
Water Network, Sewerage Network,
Connections, Commercial Meters,
Domestic Meters
Licencing, Enforcement, Complaints
Register of Electors
Commercial customers
Road Network,
Page  21
Example 1 - Planning
Legislative requirement to digitise applications and
make this data available to the public
Applications back to 1985 are available
Viewable online
Valued source of information to public and staff
Inherent right of public to access this information
Digitise applications, enforcements, preplanning,
dangerous structures
Page  22
Example 1 - Planning
Page  23
Example 2 - Septic Tank Registrations
Page  24
Example 3 - Rates
5,000 rateable properties
6 months to digitise
Difficulty with database & rural addressing
Used local knowledge
80% success rate
Compare with geodirectory
Find businesses not assessed for rates
Maintain privacy - Benefit to customer
Page  25
Example 3 - Rates
Page  26
Example 3 - Rates
Page  27
Example 3 - Rates
Page  28
Postcodes – A privacy issue?
Save duplication
Improve efficiency
Remove urban v rural divide
Must have unique postcodes
Overhead of implementing postcodes must have
Integrated with geodirectory
Page  29
Organisational Responsibility
Organisations have a responsibility to be aware of
their legal obligations regarding data privacy and
Data Inventory
– Know where the data is and who has access to it
– Identify and prioritise
Protection of personal data
– People
– Process
– Technology
Page  30
People & Process
– All staff
• Application of Data Protection legislation
• Awareness of organisational privacy policy
– GIS Staff
• Implications of geocoding and data matching
• Data integration must not impinge on personal privacy
– Process of data
• Available to only those entitled to view it
Page  31
Proactive approach
Risk Assessment
– Technology changes i.e. cloud computing etc
– Access policy
Implement data security
– Firewalls, Password protection, Antivirus protection
& Encryption policies
– Awareness of non-intentional disclosure and
Page  32
Data Protection
Data Protection Acts of 1988 and 2003 provide
protection of the right of individuals to data
Put responsibility on organisations to protect
personal data
Need to be modernised
Disclosing personal data is a part of modern life
Impossible to opt out
Page  33
Data Protection
New legislation proposed to provide
– A ‘right to be forgotten’
– Explicit consent
– Single set of data protection rules across the EU
– Give individuals more control over their personal
– Standardised regulation to benefit business
Page  34
Organisational challenge
– Act within legislative framework
– Protect privacy
– Exploit location data to improve services and
efficiencies while maintaining the privacy of
sensitive data
Personal challenge
– Awareness of new technologies
– Protect personal data
Page  35

PowerPoint Template - The Irish Organisation for