Apple is under pressure to explain why the iPhone tracks and stores users' movements in a hidden file.
The Information Commissioner today said anyone who is concerned about the log of their whereabouts can make a complaint to his officials, who enforce the Data Protection Act.
Overnight US Congressmen led calls for Apple to explain itself over the way the iPhone logs users' coordinates based on the mobile network masts to which they are connected. The Federal Communications Commission meanwhile reportedly said it will look into the matter.
The file is stored it on both the phone and the computer it is associated with, and is not protected by a password or encryption. The security firm F-Secure also claimed the iPhone reports location data back to Apple twice a day.
In a letter to Steve Jobs, the Democratic Senator Al Franken, who leads a Senate privacy panel, said: "Anyone who gains access to this single file could likely determine the location of the user's home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken over the past months or even a year."
Senator Franken asked the Apple CEO to explain why the data is captured, what it is used for and why it did not seek "affirmative consent" from users.
The controversy was sparked yesterday when two British security researchers, Alisdair Allan and Pete Warden, published their findings about the hidden file, which is enigmatically named "consolidated.db". They released a downloadable application that plots users' movements on web-based mapping software to illustrate the privacy implications.
In its statement the Information Commissioner's Office said: "All businesses that are collecting people’s data should have clear and accessible privacy notices. This is especially important where users are unlikely to appreciate the privacy implications of a service they are using.
"Apple has a legal obligation to make clear how people’s information might be used when customers sign up. Equally, customers should make sure they carefully read through terms and conditions.
"Anyone who has a data protection concern can bring their complaint to us and we will look into it.”
But Professor Ross Anderson, a privacy and security expert at the University of Cambridge, argued the location log could not be considered anonymous data.
"If your location history were to be kept anonymous, it would have to be broken up into separate segments of a few hours or perhaps even less," Prof. Anderson said.
"As it is, if our location histories were to be published without our names on, then anyone who knows where you were at a few definite times in the past can identify your location history from among all the millions of other people's, and then work out where you were at (say) evenings and weekends."
Apple has not yet publicly responded to the controversy.