Car location data has the potential to be abused. Companies need to act responsibly by assessing the risk of invasion of privacy and the value of data, says Henri Kujala
Globally, the number of disparate rules and regulations is increasing, requiring companies to spend more time and energy focusing on and keeping up-to-date with. Companies need to make sure they keep up with any changes in legislation and developments in technology. To do this, businesses can use the advances being made in location to help follow privacy protection guidelines. The results can be important, as location data can deliver many road-centric services, such as car maintenance and road safety alerts or on-demand parking and EV charging services.
The car industry is becoming more and more complex from the perspective of data protection. Car manufacturers have long recognised that their area of responsibility doesn’t stop at the vehicle, but continues with the data throughout the delivery chain. Therefore, they are naturally mindful of the risks and consequences when selecting suppliers to provide services as part of their ecosystem.
Users may think that deleting personal information preserves anonymity. De-identification, however, does not necessarily constitute anonymisation, as it may still be possible to trace the data back to the user. When a user travels, their devices do not necessarily generate isolated data points. Travelling from one place to another may produce a whole sequence of locations and timestamps that come together to chart a path on a map. The whole sequence, called a trajectory, can be particularly revealing – it is what can make this category of location data more complex to manage over others.
A company can delete all personal information from these data points at any time. However, it is also possible for anyone – including third parties – to add other publicly available associated data to these trajectories and then use this combination of data for identification. The result is that it may still be possible to identify individuals by using a multitude of location data points associated to a static identifier, for example.
Privacy issues can then arise when companies open certain information to their data users, which can then be exploited for various purposes. Well-meaning developers or researchers can rely on open data to design smarter solutions; yet in the wrong hands, this can be cross-referenced with external information to reveal information that is not intended to be exposed.
The role of the blockchain
In recent years, the blockchain has opened new discussions on data security and how it can assist in privacy protection. At the moment, blockchains are used primarily in the large-scale movement of goods and in financial transactions such as cryptocurrencies. But in the future, demand for the security that blockchain provides may rise exponentially, placing responsibility on companies to provide secure and compliant infrastructures.
As blockchain expands, so too will the data it records, which in turn increases trust. Professionals can add more data by ensuring that an asset has moved from a warehouse to a lorry at a given time. For example, it can show that the asset moved from a specific shelf in a warehouse on a specific street and was moved by a specific truck operated by a specific driver. Securing trust with the location data provides assurance that activities are happening correctly.
Layering mapping capabilities and rich location data to a blockchain record also enables fraud detection. The blockchain ensures that the updates are accurate.
Blockchains make transactions transparent and decentralised, enabling the possibility of automatically verifying accuracy by matching the location of an item with the location report from a logistics company. As every computer in the network has its own copy of the blockchain, this helps to eliminate a single point of failure or fraud.
The importance of handling data and consent correctly is apparent, as is keeping track of compliance measures across multiple countries, each with their own slightly differing rules and legislation. Multiple resources can be used to monitor regulations, including subscriptions to third party platforms such as DataGuidance and participation in industry groups such as the International Association of Privacy Professionals and the Future of Privacy Forum.
No company or institution can claim to have the perfect privacy solution for location data. What they can do, however, is act responsibly by assessing the risk of invasion of privacy on the one hand and the value of data on the other. Only in this way will they be able to create a win-win situation that combines confidentiality and value for services. To fully protect their company and customers, data privacy must be at the heart of every business decision that business leaders make.
Henri Kujala is global data privacy officer at HERE Technologies (www.here.com)
Subscribe to our newsletter
Stay updated on the latest technology, innovation product arrivals and exciting offers to your inbox.Newsletter