You are currently browsing EDRi's old website. Our new website is available at https://edri.org

If you wish to help EDRI promote digital rights, please consider making a private donation.


Flattr this

logo

EDRi booklets

EDPS: New privacy issues in relation to intelligent transport systems

29 July, 2009
» 

This article is also available in:
Deutsch: EDPS: neue Datenschutzthemen im Zusammenhang mit intelligenten Transpo...

Peter Hustinx, the European Data Protection Supervisor (EDPS), issued on 22 July his opinion on the European Commission's proposed plan, adopted in December 2008, to accelerate and coordinate the deployment of intelligent transport systems (ITS) in road transportation in Europe, and their connection with other modes of transport . The deployment includes an Action Plan establishing priority areas for action and a Directive proposal laying down the framework for their implementation.

Intelligent Transport Systems (ITS) are applications using Information and Communication Technologies embedded in different modes of transport that interact between them (such as GPS systems), meant to make transport safer and cleaner and to reduce traffic congestion. ITS applications and services are based on the collection, processing and exchange of a large range of data and allow for the tracking of a vehicle and the collection of personal data such as driving habits. As such, they raise several privacy and data protection issues.

"The problem is not what the data tells the state, but what happens with interlocking information it already has. If you correlate car tracking data with mobile phone data, which can also track people, there is the potential for an almost infallible surveillance system," said Simon Davies, director of the watchdog Privacy International.

While welcoming the fact that the proposed ITS deployment plan aims at harmonising the data processes throughout Europe, the EDPS however warned that the proposed plan raised a series of issued related to privacy and data protection.

Hustinx believes there is a lack of clarity of the proposed legal framework that might create diversity in the implementation of ITS in Europe thus leading to different levels of data protection in Europe. "The EDPS emphasizes the need for further harmonisation on these issues at EU level to clarify outstanding issues (such as definition of the roles and responsibilities of ITS actors, which specific ITS applications and systems must be embedded in vehicles, the development of harmonised contracts for the provision of ITS services, the specific purposes and modalities of use of ITS etc)."

One important aspect in his opinion is that data controllers must be clearly identified "as they will bear the responsibility to ensure that privacy and data protection considerations are implemented at all levels of the chain of processing."

Also, the data controllers providing ITS services should implement appropriate safeguards "so that the use of location technologies is not intrusive from a privacy viewpoint. This should notably require further clarification as to the specific circumstances in which a vehicle will be tracked, strictly limiting the use of location devices to what is necessary for that purpose and ensuring that location data are not disclosed to unauthorized recipients".

The interconnection of the systems and applications must also be done "with due respect for data protection principles and practical safeguards on security," and personal data must be processed only if necessary "for the specific purpose for which ITS is used and pursuant to an appropriate legal basis".

The EDPS emphasizes the importance of not using the processed personal data "for further purposes that are incompatible with those for which they were collected" and he recommends the introduction of an explicit reference to the notion of privacy by design for ITS applications and systems saying that data "may not be used for purposes other than the ones for which they were collected in a way incompatible with those purposes."

The EDPS recommends that privacy and data protection should be considered during the early design stages of any ITS. "Privacy and security requirements should be incorporated within standards, best practices, technical specifications and systems."

His final recommendation is that data protection authorities, such as Article 29 Working Party and the EDPS should be closely involved in all the initiatives related to the deployment of ITS "through consultation at a sufficiently early stage before the development of relevant measures."

European Data Protection Supervisor Opinion on the Communication from the Commission on an Action Plan for the Deployment of Intelligent Transport Systems in Europe and the accompanying Proposal for a Directive of the European Parliament and of the Council laying down the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other transport modes (22.07.2009)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/...

Big Brother is watching: surveillance box to track drivers is backed (31.03.2009)
http://www.guardian.co.uk/uk/2009/mar/31/surveillance-transport-commun...

Intelligent transport raises privacy concerns (23.07.2009)
http://www.euractiv.com/en/infosociety/intelligent-transport-raises-pr...

‹ Finnish CSS case application lodged in the European Court of Human RightsupFrance: CNIL's opinion on LOPPSI draft law ›
Printer-friendly version
 
Site by Floatleft.

Syndicate:

Syndicate contentCreative Commons License

With financial support from the EU's Fundamental Rights and Citizenship Programme.
eu logo