The Location Bargain: What Australians Unknowingly Trade When They Share Where They Are
Photo by Photo by Steven Wei on Unsplash on Unsplash
There is a particular irony in the fact that the most sophisticated geospatial technology most Australians will ever interact with sits in their trouser pocket. The GPS receiver embedded in a modern smartphone can resolve a position to within a few metres. What is rarely discussed, however, is where that position data travels once it leaves the device — and what it is worth to the organisations that collect it.
Australia has quietly become a significant participant in what analysts now call the location economy: a commercial ecosystem in which the coordinates of everyday life are harvested, aggregated, sold, and applied to decisions that affect credit, advertising, insurance, and even employment. The mechanics of this system are largely invisible to the people generating the data.
A Permission Granted in Haste
The pathway into this economy is deceptively simple. When an Australian installs an application — whether a supermarket loyalty programme, a navigation tool, or a social platform — they are typically presented with a permissions dialogue requesting access to location services. Research consistently finds that the majority of users accept these requests without reading the accompanying privacy policy, which may run to tens of thousands of words.
What that policy often authorises is considerably broader than the functionality the app appears to require. A retail application may request continuous background location access ostensibly to notify users of in-store specials. In practice, that same permission enables the developer to track movement patterns across the day: which competing stores are visited, how long a user spends at a medical centre, whether they frequent a particular place of worship. This behavioural geography is then packaged and sold to data brokers, who resell it to advertisers, insurers, and other commercial actors.
The granularity of modern location data makes it particularly sensitive. A dataset showing that a device spent three evenings per week at a specific address — even without a name attached — is sufficient, in many cases, to identify the individual and infer intimate details about their relationships, health, or financial circumstances.
Case Studies from the Australian Market
Banking and Financial Services
Several major Australian banks have integrated location data into their fraud detection and credit assessment frameworks. The legitimate use case is compelling: a transaction flagged in Perth while the customer's device is geolocated in Melbourne is a credible fraud signal. However, consumer advocates have raised concerns about the secondary uses of this data. Location histories that reveal visits to payday lending offices, gambling venues, or debt counselling services can, in principle, inform credit risk scoring — a practice that sits in a regulatory grey zone under current Australian law.
Retail and Loyalty Programmes
Australia's supermarket duopoly has invested heavily in location-aware loyalty infrastructure. Flybuys and Everyday Rewards, the two dominant programmes, collect transactional data that, when combined with device location signals, allows retailers to construct detailed models of household behaviour. The value proposition for consumers — discounts and personalised offers — is real. The less visible dimension is that this data may be shared with third-party FMCG brands and, in some configurations, with overseas data partners whose privacy obligations differ materially from those imposed by the Australian Privacy Act 1988.
Dating Applications
Perhaps the most acute privacy exposure exists within dating platforms. Several widely used applications operating in Australia have, at various points, stored location data at a precision level sufficient to reconstruct a user's daily routine. Investigative reporting in comparable markets has demonstrated that such data, if improperly secured or sold, could be used to identify individuals in sensitive circumstances — including those in same-sex relationships in contexts where that carries personal risk, or individuals whose physical movements might reveal an undisclosed medical condition.
The Regulatory Landscape
Australia's primary instrument for governing personal data is the Privacy Act 1988, administered by the Office of the Australian Information Commissioner (OAIC). Location data is classified as personal information under the Act, but critics argue that the existing framework is ill-equipped to address the volume, velocity, and commercial complexity of contemporary data flows.
The federal government's ongoing Privacy Act Review has signalled an intention to introduce more explicit protections for sensitive inferred information — a category that would encompass behavioural profiles derived from location histories. Proposed reforms include a strengthened right to erasure, clearer consent requirements, and direct rights of action for individuals. As of the time of writing, however, these reforms have not been enacted, leaving a gap that regulators in the European Union and, increasingly, several United States jurisdictions have moved to close.
The OAIC has pursued enforcement actions in relation to location data misuse, most notably in proceedings involving the Clearview AI facial recognition service. Yet the agency's resourcing relative to the scale of the data economy remains a point of concern among privacy scholars.
What the Geospatial Dimension Adds
From a geospatial science perspective, the location economy raises questions that extend beyond conventional privacy discourse. The spatial resolution of modern consumer location data is, in many respects, superior to datasets available to urban planners and transport engineers through official channels. Private companies possess real-time, longitudinal movement data for millions of Australians that government agencies can only approximate through periodic surveys.
This asymmetry has practical consequences. When a local council seeks to understand pedestrian flows through a CBD, it may purchase aggregated mobility data from a commercial provider — data that was originally collected through consumer apps without users understanding that their movements would ultimately inform public infrastructure decisions. The loop between private collection and public application is rarely disclosed at the point of consent.
Auditing Your Own Digital Footprint
For readers who wish to understand and limit their location exposure, several practical steps are available within current Australian settings.
Review application permissions systematically. Both iOS and Android provide location permission dashboards that list every application with access to location services, alongside the level of access granted — precise or approximate, always-on or only while in use. Applications that have no clear operational reason to access location should have that permission revoked.
Examine privacy policies before granting access. The relevant sections to locate are those describing data sharing with third parties and data retention periods. If a policy permits sharing with unnamed affiliates or data brokers, the effective reach of that permission is substantially wider than the application itself.
Disable advertising identifiers. Both major mobile operating systems allow users to limit ad tracking, which reduces the ability of third parties to link location data collected across different applications to a single persistent identifier.
Engage with loyalty programmes selectively. Consider whether the commercial benefit of participation justifies the breadth of data collection. Some programmes offer meaningful value; others function primarily as data acquisition mechanisms with token consumer rewards.
Lodge complaints with the OAIC. Where an organisation's data practices appear to breach the Australian Privacy Principles, individuals have the right to complain to the Commissioner. Regulatory attention is, in part, driven by the volume of complaints received.
A Reckoning Deferred
The location economy is not inherently malign. Geospatial data, responsibly collected and governed, underpins services that are genuinely useful — from emergency response coordination to accessible public transport navigation. The problem is not the technology but the absence of a social contract that makes the terms of exchange legible and equitable.
Australia has the legislative architecture to build such a contract. What has been lacking is the political urgency to complete the task. As the precision and commercial value of location data continues to increase, the cost of that delay will be measured not in abstract principle but in the concrete circumstances of individual Australians whose most private geographies are, at this moment, being mapped without their meaningful knowledge.