Henri Kujala, senior director and global data privacy officer at HERE Technologies, looks at the challenges surrounding the privacy of data being generated by vehicles and the technology and systems available that can help to make it useful in a truly anonymised fashion – from blockchain to platforms that keep track of a the changing regulatory landscape.
After the UK left the EU, it created its own version of GDPR. As a result the number of distinct rules have increased which means that companies have to monitor a growing range of regulations. Companies need to make sure they keep up with any changes in legislation and developments in technology. To do this, businesses can use the advances being made in location to help follow privacy protection guidelines. The results can be important, as location data can deliver many road-centric services, such as car maintenance and road safety alerts or on-demand parking and EV charging services.
All of this comes at an interesting time for the country. The automotive industry is becoming more and more complex from a data protection perspective, with the methods of autonomous driving, and other mandatory data collection activities. Automakers have long recognised that their area of responsibility doesn’t stop at the vehicle, but continues with the data throughout the delivery chain. Therefore, automakers are naturally mindful of the risks and consequences when selecting suppliers to provide services as part of their ecosystem.
Users may think that deleting personal information preserves anonymity. De-identification, however, does not necessarily constitute anonymisation, as it may still possible to trace the data back to the user. When a user travels, their devices do not necessarily generate isolated data points. Travelling from one place to another may produce a whole sequence of locations and timestamps that come together to chart a path on a map. The whole sequence, called a trajectory, can be particularly revealing – it is what can make this category of location data more complex to manage over others.
A company can delete all personal information from these data points at any time. However, it is also possible for anyone – including third parties – to add other publicly available associated data to these trajectories and then use this combination of data for identification. The result is that it may still be possible to identify individuals by using a multitude of location data points associated to a static identifier, for example.
Privacy issues can then arise when companies open certain information to their data users, which can then be exploited for various purposes. Well-meaning developers or researchers can rely on open data to design smarter solutions; yet in the wrong hands, this can be cross-referenced with external information to reveal information that is not intended to be exposed. In recent years, blockchain has opened new discussions on data security and how it can assist in privacy protection.
How blockchain provides security
At the moment, blockchain is used primarily in the large-scale movement of goods, and in financial transactions like cryptocurrencies. But in the future, demand for the security that blockchain provides may rise exponentially, placing responsibility on companies to provide secure and compliant infrastructures.
As blockchain expands, so too will the data it records, which in turn increases trust. Professionals can add more data by ensuring that an asset has moved from a warehouse to a lorry at a given time. For example, it can show that the asset moved from a specific shelf in a warehouse on a specific street and was moved by a specific truck operated by a specific driver. Securing trust with the location data provides assurance that activities are happening correctly.
Layering mapping capabilities and rich location data to a blockchain record also enables fraud detection. Blockchain ensures that the updates are accurate.
Blockchain makes transactions transparent and decentralised, enabling the possibility to automatically verify its accuracy by matching the location of an item with the location report from a logistics company. As every computer in the network has its own copy of the blockchain, this helps to eliminate a single point of failure or fraud.
The importance of handling data and consent correctly is apparent, as is keeping track of compliance measures across multiple countries, each with their own slightly differing rules and legislation. Multiple resources can be used to monitor regulations, including subscriptions to third party platforms such as DataGuidance; and participation in industry groups such as the International Association of Privacy Professionals (IAPP) and the Future of Privacy Forum (FPF).
No company or institution can claim to have the perfect privacy solution for location data. What they can do, however, is act responsibly by assessing the risk of invasion of privacy on the one hand, and the value of data on the other. Only in this way will they be able to create a win-win situation that combines confidentiality and value for services. Business leaders must bring data privacy into the centre of their business processes, to not only follow their responsibility as a company but for the benefit this brings to their customers.