First publishedin ITS International
Data collected by road agencies informs many decisions but it can also be a source of privacy concerns and lawsuits.
Dr Caitlin Cottrill, lecturer at the University of Aberdeen’s School of Geosciences, examines the impact of privacy legislation on the transportation sector.
Growing reliance on big data, underscored by the increasing ubiquity of smart infrastructure and the ‘Internet of Things’, has profoundly impacted the regulatory environment experienced by transportation professionals. This is particularly the case in relation to the privacy of personally identifying information (PII). There has been increased attention to the topic following recent reported cases of actual or perceived privacy violation, such as the US National Security Agency’s PRISM programme and various alleged privacy violations by social media sites.
For transportation professionals, the issue of privacy is of paramount importance, as traditional methods of privacy protection (simply removing personally identifying information from datasets) may no longer be adequate means of protecting individuals’ privacy. Studies such as Latanya Sweeney’s work on the re-identification of persons from ‘anonymous’ data sets are particularly relevant, as they indicate the potential uniqueness of individual travellers.
In transportation, the greatest concerns typically relate to information and/or data privacy. This complex subject (which has generated a significant amount of academic and legal research) is best described by Pavlou (2011) as, “…the concept of controlling how one’s personal information is acquired and used.” Central to this is location privacy, described by Beresford and Stajano (2003) as, “the ability to prevent other parties from learning one’s current or past location.”
However, intelligent transport systems are increasingly reliant on data that can be linked to individual travellers (including smart card data, video surveillance, emerging connected vehicle data, and data from mobile devices), often in realtime. In order to meet both legal and ethical requirements related to location privacy, transportation professionals need to be fully informed of data management techniques. Transportation and location data can reveal personal habits, preferences and behaviours, as it provides both spatial and temporal data on the traveller’s activities. As such, identifying appropriate methods for its treatment is moving up transportation professionals’ agenda.
The legal landscape regarding data and location privacy is highly fragmented with applicable regulations existing at local, state, national and international levels. A number of recent high-profile cases in the US Supreme Court (such as U.S. v. Jones and Riley v. California) have directly addressed privacy issues as they relate to location and personal data. Privacy is also being addressed on the international stage through findings such as that from the European Union court’s “Right to be Forgotten” ruling.
Such cases and concerns have led to an increase in the standards and regulations concerning the collection, use and sharing of data. Of particular interest to the transportation sector is the American National Institute of Standards and Technology (NIST) publication, ‘Security and Privacy Controls for Federal Information Systems and Organizations’ which draws on standards of the internationally-recognised Fair Information Practice Principles. The guidance is designed in part to, “Provide…a structured set of privacy controls, based on best practices, that help organizations comply with applicable federal laws, Executive Orders, directives, instructions, regulations, policies, standards, guidance, and organisation-specific issuances…” Given the myriad privacy regulations applicable to transportation and related data, such guidance should prove a useful tool for ensuring compliance.
NIST observed that in technological and policy contexts, privacy reaches far beyond simple confidentiality – which is crucial in the transportation sector as the data collected may often lead to actual or perceived privacy violations. In the US and Canada, for example, privacy concerns have been cited as reasons to prevent or delay the installation of red-light cameras. In Australia, privacy concerns have recently been raised over law enforcement agencies accessing MyWay smart transit card data without a warrant.
Such privacy issues are widely reported in the media and may impact large numbers of travellers, which serve to underscore the need for widespread, consistent and effective methods of privacy protection for data used in the transportation arena. Issues such as data integrity, veracity and access management coupled with citizen awareness of data collection and its intended uses, extend the reach of the standard practices needed within the transportation realm.
Two key issues are data collection and ownership. Traditionally, transportation surveys and road count data are collected directly by (or on behalf of) transportation agencies and are subject to relatively clear privacy requirements regarding storage and use.
However, as noted by the US’s National Renewable Energy Laboratory (which houses the Transportation Secure Data Center), privacy concerns by data-collecting organisations may constrain the willingness of agencies to share data with outside parties for research and technical purposes. Conversely, uncertainties regarding appropriate privacy practices for the purchase and management of data from third parties (such as location-sensing smartphone app developers) may limit the potential development of public-private partnerships that would enhance the data resources of transportation agencies.
Addressing such concerns requires a thorough understanding of data resources in play, the potential for disclosure of personally identifying information (through both individual and combined data sets) and appropriate methods of ensuring compliance with relevant privacy requirements.
While privacy policies routinely convey privacy practices to the consumer, they are generally insufficient for ensuring compliance by agencies. Structured internal procedures are generally necessary to define technological and administrative privacy requirements. NIST has provided a comprehensive overview of administrative, technical and physical safeguards that related to: authority and purpose; accountability, audit and risk management; data quality and integrity; data minimisation and retention; individual participation and redress; security; transparency; and use limitation. This includes elements such as privacy notices and policies, administrative procedures establishing the legality of collecting certain types of data, minimising the collection and retention of and access to PII, and conducting privacy audits.
Such methods should provide a clearer internal approach to the minimisation of potential for privacy harms. A number of technological processes, such as cryptography, password protection, and data encryption, may also be layered underneath these administrative safeguards to provide physical safeguards for data protection. Adopting a technology-neutral approach to these practices will ensure process flexibility as technologies evolve.
Caution is required, however, in applying the range of methods for managing privacy. While the suggested procedures provide data collecting agencies with a good degree of flexibility in tailoring methods to specific needs (such as data aggregation to de-identify individual smartphone data, or geographical masking of GPS points), such activities can also degrade data quality.
Additionally, data management policies should be evaluated to ensure consistency across the organisation and to minimise the potential for legal liability if data is released or accessed incorrectly. This highlights the need for agencies to undertake coordinated planning of technological and policy-related privacy protections.
As data sharing becomes increasingly simple from a technological standpoint, the need to clarify and enforce data protection standards between agencies becomes evermore apparent. While transportation agencies may develop appropriate management and protection procedures within their own organisations, they should also ensure that data collected by (or shared with) outside agencies conform to these expectations and policies. Including these requirements in inter-agency agreements, and certifying compliance, may assist with the ability to leverage data collected by external agencies to support assorted transportation projects.
Such agreements and practices are particularly important as improper data releases or handling practices may result in a loss of trust from the travelling public and bring about withdrawal of data access rights. Ensuring policies related to tertiary uses of data purchased by a public transportation agency from a private provider are consistent with the agency’s internal policies will be a necessary step in satisfying legal requirements for privacy protection. In these cases, it will likely be necessary to ensure that agreed practices are consistent with the more restrictive entity, and that management responsibility is clearly defined across the data landscape.
Finally, if data is to be released or shown publically, it is critical that the information cannot be used to re-identify individual users. Methods including data cloaking, use of pseudonyms, data aggregation and statistical privacy testing should be applied in ways that allow for compliance with both open data and privacy regulations. Determining the balance between these requirements will depend on factors including funding sources, the data collected and purpose of disclosure. References
Given the increasing ability to collect detailed and timely data, privacy will remain an ongoing concern. Developing consistent, coordinated, and technology-neutral practices to address privacy requirements will be critical in maximising transportation agencies’ ability to leverage new datasets for the benefit of the travelling public. Failure to set privacy requirements will erode citizens’ trust and associated loss of data rights. Adequate data privacy is also a necessary component in maximising partnership opportunities, particularly at the international level.
While transportation-related privacy regulations are still evolving, taking early action to establish comprehensive policies and procedures will demonstrate that the industry is responsive and prepared for emerging needs.
Beresford, A.R., and F. Stajano. 2003. Location Privacy in Pervasive Computing. IEEE Pervasive Computing 2 (1): 46–55. doi:10.1109/MPRV.2003.1186725.
Pavlou, Paul A. 2011. “State of the Information Privacy Literature: Where Are We Now and Where Should We Go.” MIS Quarterly 35 (4): 977–88.