
Chapter 16: Security, Privacy, Ethics, and Law in Geospatial Systems

Security, privacy, ethics, and law

Location data can reveal home, work, religion, health care, political activity, identity, vulnerability, and habit. Geospatial engineers must treat location as sensitive data and design systems accordingly.

Learning Goals

  • Identify privacy and security risks in location data.
  • Apply responsible approaches to aggregation, access, consent, and governance.
  • Understand licensing, intellectual property, and Indigenous data sovereignty concerns.
  • Build auditability into geospatial systems.

Theory

Location privacy is difficult because movement patterns are distinctive. Removing names is often not enough: a handful of coarse time-and-place points is enough to single out most individuals in a large mobility dataset, because very few people share the same home cell, work cell, and schedule. Spatial aggregation helps but can still expose small groups, and linking a released dataset with public data such as address registers or social media posts can undo the protection. Sensitive infrastructure data (for example the precise location of utility assets) creates security as well as privacy risk.

Ethical geospatial engineering asks who benefits, who is exposed, who controls the data, and who can contest errors.

Research and Governance Foundations

Location data should be handled as sensitive data even when it does not include names. Spatial precision, timestamp frequency, repeat visits, and linkage to other datasets all raise the chance of re-identification, and the adversary does not need the whole trace, only a few points that match. Privacy controls should be chosen against an explicit threat model (who the adversary is, what auxiliary data they hold, and what they gain from a match), not selected in the hope that they are enough.
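The re-identification risk described above can be measured directly as unicity: the share of pseudonymous traces that are the only trace consistent with a few coarse observations about their owner. The script below is an added example written for this chapter, not code from the chapter or its cited works; it constructs 1,000 synthetic people with a home and a work location (no real data), coarsens their pings to square grid cells and time buckets, and reports how often two known points single out one pseudonym. The grid size is the knob that trades precision for privacy.

```python
"""Unicity of pseudonymous location traces (added example, constructed data).

Each synthetic person pings from a home cell at night and a work cell by
day under a random pseudonym. An adversary who learns a few coarse
(cell, time-bucket) facts about a target, such as where they sleep and
where they work, matches them against every trace. If exactly one trace
fits, the pseudonym is re-identified without any name ever being present.
"""
import math
import random


def cell(lat, lon, size_deg):
    """Snap a coordinate to a square grid cell of side size_deg degrees."""
    return (math.floor(lat / size_deg), math.floor(lon / size_deg))


def build_traces(n_people, seed=1):
    """Constructed traces: one home and one work location per person inside
    a 0.2 x 0.2 degree box, pinged at 02:00 and 14:00 for five days."""
    rng = random.Random(seed)
    traces = {}
    for pid in range(n_people):
        home = (45.0 + rng.random() * 0.2, -75.0 + rng.random() * 0.2)
        work = (45.0 + rng.random() * 0.2, -75.0 + rng.random() * 0.2)
        pings = []
        for _day in range(5):
            pings.append((home[0], home[1], 2))
            pings.append((work[0], work[1], 14))
        traces[f"pseudonym-{pid:04d}"] = pings
    return traces


def coarsen(trace, size_deg, hour_bucket):
    """Set of (cell, time-bucket) observations at the chosen resolution."""
    return {(cell(lat, lon, size_deg), hour // hour_bucket)
            for lat, lon, hour in trace}


def unicity(traces, size_deg, hour_bucket, n_points, seed=2):
    """Fraction of people whose pseudonym is the only one consistent with
    n_points of their own coarse observations (the adversary's knowledge)."""
    rng = random.Random(seed)
    coarse = {pid: coarsen(t, size_deg, hour_bucket) for pid, t in traces.items()}
    unique = 0
    for pid, obs in coarse.items():
        known = rng.sample(sorted(obs), min(n_points, len(obs)))
        matches = [q for q, o in coarse.items() if all(k in o for k in known)]
        if len(matches) == 1:
            unique += 1
    return unique / len(traces)


if __name__ == "__main__":
    traces = build_traces(1000)
    for size_deg, label in ((0.01, "~1 km cells"), (0.1, "~10 km cells")):
        for n_points in (1, 2):
            rate = unicity(traces, size_deg, 24, n_points)
            print(f"{label}, {n_points} point(s) known: {rate:.1%} uniquely identified")
```

At roughly 1 km cells, two points (home plus work) identify nearly everyone in the synthetic city; at roughly 10 km cells the same two points identify nobody, because thousands of people share each cell pair. That is the trade the rest of this chapter is about: the precision that makes the data useful is the precision that makes it identifying.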

Indigenous data sovereignty and community data governance are also central to responsible geospatial work. Some datasets describe land, cultural resources, ecological knowledge, or community conditions that should not be published simply because they can be mapped. The engineering workflow should include consent, governance, access control, and review before publication.

Math

Relevant math includes k-anonymity (every released record is indistinguishable from at least k-1 others), spatial aggregation, geomasking (random displacement of points), differential privacy (calibrated noise whose worst-case privacy loss is bounded by a parameter epsilon), uncertainty buffers, risk scoring, and re-identification analysis. Every privacy transformation reduces analytical utility, so teams must measure both the protection obtained and the usefulness lost rather than assume either.
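The following is an added example, not code from the chapter, showing how three of these techniques combine on a small-area count release: aggregate points to cells, apply a minimum-count (k) publication rule, and add Laplace noise for epsilon-differential privacy, then measure the utility cost. The input points are constructed, and square grid cells stand in for the hexagonal cells the chapter refers to (a hex index library would replace the `cell` function).

```python
"""Small-area counts: aggregate, apply a k threshold, add Laplace noise.

Added example with constructed points; not part of the chapter. Every cell
in the fixed release domain is counted, including empty ones, so that the
set of occupied cells does not itself leak which areas have residents.
"""
import math
import random


def cell(lat, lon, size_deg):
    """Square grid cell of side size_deg degrees (stand-in for a hex index)."""
    return (math.floor(lat / size_deg), math.floor(lon / size_deg))


def aggregate(points, domain, size_deg):
    """Count one contribution per person into each cell of the domain."""
    counts = {c: 0 for c in domain}
    for lat, lon in points:
        c = cell(lat, lon, size_deg)
        if c not in counts:
            raise ValueError(f"point {(lat, lon)} falls outside the release domain")
        counts[c] += 1
    return counts


def suppress(counts, k):
    """Publication rule: release a count only when at least k people are in
    the cell. Withheld cells are None rather than 0 so a reader cannot tell
    an empty cell from a suppressed one."""
    return {c: (n if n >= k else None) for c, n in counts.items()}


def laplace_noise(rng, scale):
    """Laplace(0, scale) sample by inverse CDF from one uniform draw."""
    u = max(rng.random(), 1e-12) - 0.5      # keep u strictly above -0.5 so log() is defined
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_counts(counts, epsilon, rng):
    """Epsilon-DP histogram. Each person lands in exactly one cell, so the
    L1 sensitivity of the count vector is 1 and Laplace(1/epsilon) noise on
    every cell suffices. Clamping and rounding are post-processing and
    spend no additional privacy budget."""
    scale = 1.0 / epsilon
    return {c: max(0, round(n + laplace_noise(rng, scale))) for c, n in counts.items()}


def mean_abs_error(true_counts, released):
    """Utility of a release: mean absolute error over the cells it reports."""
    errs = [abs(true_counts[c] - v) for c, v in released.items() if v is not None]
    return sum(errs) / len(errs) if errs else float("nan")


# Constructed input: 12 people in one ~10 km cell, 2 in a neighbouring cell,
# over a 2 x 2 cell release domain.
SAMPLE_POINTS = [(45.05 + i * 0.001, -75.05) for i in range(12)] + \
                [(45.15, -75.05), (45.15, -75.06)]
DOMAIN = [(i, j) for i in range(450, 452) for j in range(-751, -749)]


if __name__ == "__main__":
    counts = aggregate(SAMPLE_POINTS, DOMAIN, 0.1)
    print("raw      ", counts)
    print("k=5      ", suppress(counts, 5))
    rng = random.Random(7)
    for eps in (0.1, 1.0):
        noisy = dp_counts(counts, eps, rng)
        print(f"eps={eps:<4}", noisy, "MAE", round(mean_abs_error(counts, noisy), 2))
```

Suppression protects the cell with two people but publishes nothing about it; the noisy release reports every cell, at the price of error that grows as epsilon shrinks. A practitioner should also note that the noise is added to the full fixed domain, never only to the cells that happened to be occupied, and that repeated releases of the same counts consume budget each time.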

Equation companion: Math and Algorithms Reference

Tools of the Trade

  • Access controls, row-level security, audit logs.
  • Data minimization and retention policies.
  • Aggregation, suppression, perturbation, and differential privacy tools.
  • Licensing records, consent records, and data sharing agreements.
  • Threat modeling and privacy impact assessments.
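Two of the tools listed above, tiered access control and an audit log, are shown together in this added example. It is not code from the chapter; the roles, the layer records and the policy are hypothetical. Each role receives coordinates rounded to a fixed number of decimal places, records flagged as critical infrastructure are served only to the analyst role, and every request, served or refused, is appended to a hash-chained log so that an edited or deleted entry breaks verification.

```python
"""Tiered access to a sensitive layer with a tamper-evident audit trail.

Added example; roles, records and policy are hypothetical, not from the
chapter. Precision is expressed as decimal places of latitude/longitude
(5 places is roughly 1 m, 1 place roughly 10 km).
"""
import hashlib
import json
import time

ROLE_PRECISION = {"analyst": 5, "partner": 3, "public": 1}

# Constructed layer: two ordinary records and one critical-infrastructure record.
LAYER = [
    {"id": "site-001", "lat": 45.421530, "lon": -75.697193, "critical": False},
    {"id": "site-002", "lat": 45.424721, "lon": -75.695000, "critical": False},
    {"id": "substation-7", "lat": 45.419800, "lon": -75.701200, "critical": True},
]


def _digest(body):
    """Canonical JSON (sorted keys) so the same entry always hashes the same."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditLog:
    """Append-only log where each entry commits to the hash of its predecessor."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def append(self, **event):
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        body = dict(event, prev=prev)
        self.entries.append(dict(body, hash=_digest(body)))

    def verify(self):
        """True only if every entry hashes correctly and chains to the one before."""
        prev = self.GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def query_layer(user, role, log, layer=LAYER, now=None):
    """Return the records the role may see, at the precision it may see them,
    and record the decision. Raises PermissionError for unknown roles."""
    ts = now if now is not None else time.time()
    precision = ROLE_PRECISION.get(role)
    if precision is None:
        log.append(ts=ts, user=user, role=role, decision="deny", records=[])
        raise PermissionError(f"role {role!r} may not read this layer")
    visible = [r for r in layer if role == "analyst" or not r["critical"]]
    result = [
        {"id": r["id"], "lat": round(r["lat"], precision), "lon": round(r["lon"], precision)}
        for r in visible
    ]
    log.append(ts=ts, user=user, role=role, decision="allow",
               precision=precision, records=[r["id"] for r in result])
    return result


if __name__ == "__main__":
    log = AuditLog()
    print(query_layer("alice", "analyst", log))
    print(query_layer("bob", "public", log))
    try:
        query_layer("mallory", "guest", log)
    except PermissionError as exc:
        print("denied:", exc)
    print("log intact:", log.verify())
    log.entries[0]["records"] = []          # simulated tampering
    print("log intact after edit:", log.verify())
```

The chain detects an edited entry or one removed from the middle, but not truncation of the tail, so the latest hash should be anchored somewhere the writer cannot alter (a separate store, a signed checkpoint, or a log shipped to another team). Denials are logged with the same care as grants, since a run of denied requests for the critical layer is itself a signal worth reviewing.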

Examples of Real-World Solutions

  • A mobility dataset is aggregated to zones and time windows before publication.
  • A public health map suppresses small counts.
  • A utility system restricts detailed critical infrastructure layers.
  • A community data project follows local governance rules before publication.

Working Practice Examples

  1. Threat-model a mobile location dataset.
  2. Create a publication rule for small-area counts.
  3. Compare raw points, jittered points, and aggregated hex cells.
  4. Write a data use policy for a sensitive geospatial layer.
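Practice item 3 can be carried out with the added example below, which is not code from the chapter. It constructs 500 synthetic home locations in a 5 km by 5 km area (metres on a local plane, no real data), publishes them three ways (raw, donut-geomasked, and snapped to cell centroids), and scores each release on two axes: risk, measured by a nearest-neighbour attack in which an adversary holding the true address list guesses that each published point belongs to the closest true address, and utility, measured as mean displacement from the truth. Square cells stand in for the hex cells named in the exercise.

```python
"""Raw vs donut-jittered vs cell-aggregated points (added example).

Constructed data in metres on a local plane; not from the chapter.
"""
import math
import random


def make_points(n, extent_m, seed=3):
    """Constructed home locations, uniform over an extent_m square."""
    rng = random.Random(seed)
    return [(rng.random() * extent_m, rng.random() * extent_m) for _ in range(n)]


def donut_jitter(points, r_min, r_max, rng):
    """Geomask each point by a uniform random bearing and a distance drawn
    uniformly from [r_min, r_max]; the inner radius stops a point from being
    published almost exactly where it started."""
    out = []
    for x, y in points:
        theta = rng.random() * 2 * math.pi
        r = rng.uniform(r_min, r_max)
        out.append((x + r * math.cos(theta), y + r * math.sin(theta)))
    return out


def cell_centroids(points, size_m):
    """Replace each point by the centre of its grid cell; also return the
    occupancy of each cell, which is the k each person hides behind."""
    out, occupancy = [], {}
    for x, y in points:
        c = (math.floor(x / size_m), math.floor(y / size_m))
        occupancy[c] = occupancy.get(c, 0) + 1
        out.append(((c[0] + 0.5) * size_m, (c[1] + 0.5) * size_m))
    return out, occupancy


def nearest_neighbour_hit_rate(published, truth):
    """Share of published points whose nearest true point is their own origin."""
    hits = 0
    for i, (px, py) in enumerate(published):
        j = min(range(len(truth)),
                key=lambda k: (truth[k][0] - px) ** 2 + (truth[k][1] - py) ** 2)
        hits += j == i
    return hits / len(published)


def mean_displacement(published, truth):
    """Utility cost: average distance between published and true position."""
    return sum(math.dist(p, t) for p, t in zip(published, truth)) / len(truth)


def compare(n=500, extent_m=5000.0, seed=3):
    """Return {release: (hit_rate, mean_displacement_m, min_k)} for the three releases."""
    truth = make_points(n, extent_m, seed)
    rng = random.Random(seed + 1)
    jittered = donut_jitter(truth, 100.0, 300.0, rng)
    centroids, occupancy = cell_centroids(truth, 500.0)
    return {
        "raw": (nearest_neighbour_hit_rate(truth, truth),
                mean_displacement(truth, truth), 1),
        "jittered": (nearest_neighbour_hit_rate(jittered, truth),
                     mean_displacement(jittered, truth), 1),
        "aggregated": (nearest_neighbour_hit_rate(centroids, truth),
                       mean_displacement(centroids, truth), min(occupancy.values())),
    }


if __name__ == "__main__":
    for name, (hit, disp, k) in compare().items():
        print(f"{name:<11} NN hit rate {hit:5.1%}  mean displacement {disp:6.0f} m  min k {k}")
```

Raw points are re-identified every time. Jitter cuts the hit rate sharply at the cost of a few hundred metres of error, but the rate is never zero in sparse areas, where the nearest address is still the right one. Aggregation gives the lowest hit rate, yet the minimum cell occupancy shows that some cells hold a single person: aggregation alone does not guarantee k-anonymity, which is why a small-count suppression rule still has to be applied on top of it.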

Common Failure Modes

  • Believing de-identification is enough.
  • Publishing precise points for sensitive locations.
  • Ignoring consent and community governance.
  • Combining datasets in ways that increase harm.
  • No audit trail for access to sensitive layers.

Works Cited

Elwood, Sarah, and Agnieszka Leszczynski. "Privacy, Reconsidered: New Representations, Data Practices, and the Geoweb." Geoforum, vol. 42, no. 1, 2011, pp. 6-15.

Kukutai, Tahu, and John Taylor, editors. Indigenous Data Sovereignty: Toward an Agenda. ANU Press, 2016.

Sweeney, Latanya. "k-Anonymity: A Model for Protecting Privacy." International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 10, no. 5, 2002, pp. 557-570.

Zook, Matthew, et al. "Ten Simple Rules for Responsible Big Data Research." PLOS Computational Biology, vol. 13, no. 3, 2017.

