Dataveillance is the systematic creation and/or use of personal data for the investigation or monitoring of the actions or communications of one or more persons. The term emerged in the 1980s, initially as a set of tools for exploiting data that had already been collected for some other purpose.

 Developments in information technologies, combined with a voracious appetite for social control among government agencies and corporations alike, has seen dataveillance practices diversify and proliferate. The regulatory frameworks that enable and control dataveillance activities appear not to have attracted a great deal of attention in the literature.

Data privacy measures, usually referred to as (personal) data protection, have been the subject of a great deal of activity in legislatures, resulting in many countries having data protection oversight agencies and a modest level of jurisprudence. On the other hand, provisions that enable rather than constrain dataveillance are voluminous, both pre-dating data protection laws and passed subsequently, and hence often qualifying or over-ruling them.

This paper presents an initial survey and structuring of the field of dataveillance regulation in a manner intended to facilitate the conduct of research in the area. Its scope extends well beyond legislation to encompass all forms of regulatory mechanisms. It identifies ways in which the effectiveness or otherwise of regulatory schemes can be evaluated. It suggests classification schemes that can be applied to dataveillance regulation through technology and by law. This lays, we believe, a foundation for the analysis of the regimes in particular jurisdictions whereby dataveillance practices are regulated, for comparisons among jurisdictions, and for comparative evaluation of degrees of freedom and of authoritarianism.