Connected car, big data, big brother?

Transcription

1 Connected car, big data, big brother? Using geolocation in a trustworthy and compliant way [email protected]

2 Trends that threaten trust 2

3 Connected cars with downloadable apps Location services, cloud, internet-of-thing, big data 3

4 Privacy, security, safety How it fits together Topic Is about Key notions Privacy Data Privacy / Data Protection Information Security Safety, physical security Self determination, non-interference Proper & fair use of information about an individual Protecting/securing information Being free from effects of errors, accidents, incidents, violence etc. Freedom, Liberty, Dignity, Honor Collection & use limitation, Data quality, Purpose specification, Security safeguards, Openness, Accountability Confidentiality, Integrity, Availability Ownership, integrity, reliability, perimeter 4

5 Revolutionising navigation In 4 steps 4. TomTom HD Traffic 3. IQ Routes 2. Map Share 1. Base maps 4. TomTom HD Traffic 3. IQ Routes 2. Map Share 1. Base maps 4. TomTom HD Traffic 3. IQ Routes 2. Map Share 1. Base maps 4. TomTom HD Traffic 3. IQ Routes 2. Map Share 1. Base maps 5

6 TomToms trip archive Anonymous location and speed information from the TomTom user community 5 billion (10E9) speed measurements per day 5 trillion (10E12) speed measurements to date! by customers driving 50 billion kilometres and visiting every spot over 1,000 times

7 Creating TomTom HD Traffic: data sources Range of high-quality real-time data sources 7

8 In-car location services under scrutiny 8

9 Main GAO findings 10 companies were questioned Disclosure: all tell, 9 in broad terms, 5 omit purposes for sharing Consent & controls: all seek consent in some way, all offer some control, none who retain allow deletion Safeguards & retention: all take steps, but in different ways at different levels of de-identification and deletion 9 Accountability: all take steps to protect location data and have accountability policies, be it internal only

10 Main GAO findings: room for improvement 10 companies were questioned Disclosure: all tell, 9 in broad terms, 5 omit purposes for sharing Consent & controls: all seek consent in some way, all offer some control, none who retain allow deletion Safeguards & retention: all take steps, but in different ways at different levels of de-identification and deletion 10 Accountability: all take steps to protect location data and have accountability policies, be it internal only

11 Location privacy is top of mind With bloggers, press, regulators, enforcers, legislators and many users alike TomTom investigated by leading European Data Protection Authority in 2011 TomTom s use of location data is in accordance with EU Data Protection Laws Processing and delivery to third parties 100% OK Informing users needed to be more explicit, including opt-in 11

12 Drivers, police & TomTom An explosive mixture 12

13 Community input with permission We profile roads, not people 13

14 TomTom & Privacy Vision: Community input (crowd sourcing) is strategic Privacy helps to realize business objectives by ensuring trust Privacy is integral part of business continuity above and beyond legal compliance Principles: 1. Avoid unpleasant surprises: Customer insight is paramount Be open and explain hesitation is an omen Keep it simple 2. The customer remains in control of his personal data: we have it on a license 14

15 Key elements of EU data protection laws Challenging the potential of Big Data 1. Personal data broad(ening) definition 2. Pre-defined purposes only 3. Volume and time limitations 4. Understandable explanation 5. Consent, legal obligation or balance of legitimate interests must apply 6. Right to view, correct and object 7. Protect confidentiality, integrity & availability 15

16 Privacy, amongst others, is about the protection of personal data Personal data: Contains (whatever) information relating to a natural ( real ) person That person could be identified, directly or indirectly Typically: data attached to unique identifiers Anonymous only: When no reasonable way exists to identify ( single out ) a person Even when requiring correlation with other data sources (e.g. maps and phonebooks) By anyone with the right resources 16

17 But: do not forget EU cookie law Much broader scope than you may think Any data stored on or retrieved from a device connected to a public telecom network requires 1. Understandable explanation 2. Unambiguous consent Unless the data is strictly necessary for the services offered to the user or for a purely technical purpose. 17

18 Privacy Policies, Standards & Guidelines 7 key objectives 1. We assess our intended use of PD early to drive requirements 2. We document PD: purpose, legitimate ground, retention, access, jurisdiction(s) 3. We ensure we have obtained or will obtain informed user consent, if applicable 4. We minimize the amount of PD (volume and time) and who has access: we de-personalize or destroy PD as soon as possible 5. We keep ensuring adequate security measures based on risk assessment of confidentiality, integrity and availability 6. We do not expose PD to any third party, unless the third party contractually agrees to comply to our policies (or law forces us) 7. We enable the user to exercise his rights (information, access/download, correction, deletion) 18

19 The 6 privacy questions 1. What personal data are we processing? in categories, groups, examples 2. Why are we processing personal data? clear (multiple) purposes 3. When can we destroy the personal data? automatically or user triggered 4. Who will have access and will be accountable? including third parties 5. Where will we process and store the personal data? transfer outside of the EU requires agreements 6. Will we have a legitimate basis for processing? 19

20 Typical personal data misconceptions very often present in technology companies We do not identify the user while using the data, so we have no issues with privacy law We only use the serial number of the users device, so the data is anonymous and we have no issues with privacy law We encrypt the data, so we are no longer using/receiving/sending personal data We use hashes to replace all serial numbers, so the data is now anonymous and we have no issues with privacy law We anonimize the data, so we are not using personal data We can use the users data for anything we want, as long as we keep the data to ourselves Look: big name companies are doing the same, so we are OK 20

21 provide a specific location-based service, such as real-time traffic information. Companies may also choose to contract with third-parties that provide all location-based services on their behalf; among our selected companies, this is most common among the auto manufacturers. 6 (See fig. 2.) Location data in a car context In the EU to be regarded as sensitive personal data Figure 2: How Location Data Are Transmitted to Provide In-Car Location-Based Services Source: GAO Note: While companies use cellular networks to transmit location data, we excluded telecommunications companies that provide these networks from this review because they were included in our 2012 report on mobile devices. See GAO Requires prior, informed, explicit consent separate, not in T&C s! 21 The in-car location-based services industry continues to change and evolve: new partnerships are emerging in the marketplace, existing

22 Can location data be anonymous? Research indicates: hardly ever 22

23 Avoiding re-identification is key TomTom has a strict code of conduct to adhere to privacy laws 1 month 1 day Historic trip archive only to be used for road, traffic and related purposes No access to raw data outside TomTom, ever TomTom performs processing TomTom ensures reidentification is impossible e.g. through sufficient aggregation 23

24 GAO on reducing risks to privacy Step by step reducing the potential to identify the user Figure 3: Examples of De-Identification Methods and Privacy Risk Source: GAO 24 Although location data that are coupled with personal information, such as a name, pose the greatest privacy risk to consumers, company representatives told us that in some cases, they need such data to provide certain services. For example, one auto manufacturer we met

25 Recommendations Incorporate data protection requirements from the start Take a multi-disciplinary approach: it is about your license to operate in the information society Embed privacy by design into development processes Document your data: what, why, when, who, where Appoint a privacy czar in your organization 25