Privacy Commissioner John Edwards is open to extending a system that allows emergency services to locate a person without their consent.
But the watchdog has also warned about what he calls "scope-creep."
"The technology required to deliver the extended system could be highly intrusive if misused," he says.
"Unregulated, the proposed system extensions could allow location agencies - MBIE and emergency service providers - to locate almost any individual in the country at any time."
• Westfield's Newmarket mall has a new carparking app: How closely does it track you?
• 2degrees pulls out of Stats NZ's people-tracking project, citing privacy concerns
• Aussie regulator takes Google to court, alleging it misled users over location data
• Lobby group objects to sensors in state houses, Kāinga Ora responds
The Emergency Caller Location Information service, developed by Datacom, was first implemented in 2017.
Using a phone's GPS signal, it allows emergency services to more quickly locate people at risk of harm but who have not made a call to 111. For example, someone who is lost in a national park, kidnapped, or having indicated an intention to harm themselves or others.
Edwards says he supports the system's public safety benefits, but "in a way that is proportional and does not open the door to abuses."
He's therefore recommended the emergency caller location service be extended, but with new safeguards - which he says he'll check in on periodically to see the system is not being misused.
In a document just released for public discussion, Edwards proposes the location system only be used where it is necessary to prevent a serious threat to a person's life or health; that the duration of the tracking is minimised; that all use of the tracking technology is logged; and that the whole system is subject to his review.
He says emergency services should be able to locate any smartphone or tablet with phone services enabled at will - where life is in danger.
But he also proposes that the location system be opt-in for those with GPS-enabled devices such as "wearables" like a fitness band or smartwatch.
"This recognises that people may not expect emergency service providers to have access to the location of devices that are not designed to communicate, such as wearable devices, so individual authorisation will be required," he says.
The Privacy Commissioner says he's interested to hear public debate on that point.
Watchdog has a suggestion
Council for Civil Liberties chairman Thomas Beagle told the Herald, "This seems like an acceptable use of the technology and we appreciate the constraint that it can't be used for any other purpose.
"However, we have long held that any sort of emergency intrusion done for the benefit of an individual should be proactively revealed to that person after the event. We believe that this openness will provide an additional appropriate check on the use of this facility.
"If the authorities are reluctant to do this, we would have to question whether the access was really being done for their benefit."
The Herald put Beagle's comments to the Privacy Commissioner, who responded, "That sounds like a very useful submission to improve the process. We'll take it to the agencies and see what the implications for resourcing might be, given the anticipated volumes."