The Office of the Data Protection Commissioner is to seek clarification from mobile telecoms companies Eircell and Esat Digifone of their retention of call records for nearly seven years.
Access to the information effectively turns mobiles into potential "tagging devices" that provide a snapshot of an individual's daily actions.
"This is quite shocking that we have this degree of information on people's movements being stored, and shows the strong need for explicit privacy protection legislation in Ireland," said Mr Malachy Murphy, co-chairman of the Irish Council on Civil Liberties (ICCL) and convener of its e-rights group.
Both operators said they were holding customer "locator records" - which can pinpoint a phone user's location to within a few dozen feet in urban areas - for more than six years because they believed it was necessary for compliance with the Irish statute of limitations.
The records are produced whenever a mobile is switched on, not just when a call is made but also hourly, as the network automatically tracks the phone to keep it within network coverage.
"It's effectively like having a tagging device on a person," said Mr Murphy. Nearly 70 per cent of Irish people own a mobile phone.
The disclosure will be embarrassing for the Government, since the Republic has been eager to advertise its pro-privacy, pro-e-commerce regulatory environment.
The ICCL said the Republic already had weak laws regarding phone-tapping. And the long-term retention of electronic data, such as locator records, was at the heart of a major EU battle over whether to increase the surveillance capabilities of law enforcement.
A proposal from the EU's Telecommunications Council last July to retain such data was roundly rejected by both the European Parliament and the Commission. But American and British agencies are understood to be pressuring the EU to weaken its data protection provisions and allow for electronic records to be retained for years.
Ironically, Irish mobile operators are apparently voluntarily and illegally retaining data at the centre of this major European privacy debate, said Mr Tony Bunyan, director of European privacy group Statewatch in London.
The Office of the Data Protection Commissioner said such information was supposed to be destroyed after it was used to prepare customer bills, unless the records were permanently "atomised" so that an individual's name could never be reconnected to a given set of records.
Mr Laurence McAuley, head of regulatory affairs for Eircell, said the records were held "online" - where they were associated with a name for billing purposes - for six months.
Afterwards, the records are archived for six years but are atomised so that "we can't use them for marketing purposes". However, Mr McAuley said the company could reconnect the records to an individual name if needed and would do so if required by law enforcement.
But assistant data commissioner Mr Ronnie Downes said such information definitely could not be held under such conditions and that data protections existed not just to block unwanted marketing but also to defend broader privacy rights.
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/2a429887-bb72-4814-bd40-0cbf79fe8d51.png)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/VR3765MFOBH2NMV2QNICYDF67M.png)