The use of Big Data in the connected car is becoming a cause for concern among all automotive players, including location service companies such as TomTom. Companies like these face a constant battle balancing the use of customer data for technology development while still protecting those customers who may want to keep their personal data, personal.
In a recent Automotive Megatrends webinar, TomTom’s Corporate Privacy Officer, Simon Hania, explained the company’s experience on how to use Big Data generated by the car while maintaining customer trust and avoiding costly recalls due to privacy violations.
Maintaining trust, avoiding recalls
As a location service company, TomTom specialises in analysing traffic data patterns for traffic information, enabling it to pass useful information to their customers regarding potential traffic-flow problems and alternative routes. Hania explained that in the medium of location services, the consistent levels of technology which are rolling out, while helping consumers with their day-to-day navigation needs, often make them anxious, and unsure of what level of personal data is being transmitted, used, and for what purpose.
Hania explained that due to the automotive production cycle, technologies for the car being produced now will hit the road in three to four years’ time and that TomTom, among others, has to be careful that technologies created now will not violate legislation in that timeframe.
He also explained that location services have come under scrutiny from the government accountability office which carried out a study in 2013 of various location based services in the US automotive space, questioning a couple of car manufacturers and providers, including TomTom, triggering some publicity. He said, “The study was called by Senator Franken who has had a location privacy bill in the works since 2011 which is fairly strict and is similar in some ways to the European legislation. The bill made sure that we as an industry disclose what we do and safeguard the data, and also make ourselves accountable for our use of this data.”
The main findings of the study, explained Hania, was that there was much room for improvement regarding the disclosure of the data being used, along with the consent, safeguards, data retention, and accountability measures that been carried out by each company.
He said, “Some companies don’t even tell consumers why they are sharing data. Of course, there is some weight of consent,” but Hania also raised the question of, “do people really opt in?”
He said, “Three years ago, we hit the press because concerns emerged that we were selling data directly to the police to put up speed traps. In a way that was the case because there was a traffic consultancy that made the police look into our maps which don’t only constrain how fast you are allowed to drive, but also expected to drive, because of speed profiles.” The data collected by TomTom and requested by the police was used to improve safety or relieve traffic bottlenecks, as described in a public apology by TomTom’s Chief Executive, Harold Goddijn, but Hania suggested, “People were thinking their data was delivered to the police almost to give them a speeding ticket.”
Hania explained, “We had an investigation from the data protection authority, which concluded that what we delivered to the police did not constitute a breach of privacy.” However, TomTom took away from the experience the importance of being explanatory with the data it takes from its users. He said, “Customers give data in good faith and it should be used in the correct way.”
European privacy and data laws
Hania explained that European Commissioner Viviane Reding recently raised awareness of the fact that some Android apps are simply illegal, as he explored the importance of data protection law, and pointed out that European law states that the data is only allowed to be processed by any company once certain conditions are in place.
Hania explained, “Not only do you need to have predefined purposes such as reasons for capturing the data, but you also need to state how long you will be using the data for and how much data you will obtain.” As well as these data usage and storage conditions, Hania explained the need to make the data usage terms understandable by the user, as well as the user having the chance to opt out of sharing their data.
A company using a customer’s data also needs to prove that it is going to protect the confidentiality of that user, as anything that can relate to an individual can technically be seen as personal data.
Hania, therefore, pointed out that there are many misconceptions when it comes to the use of data, such as a company stating that it does not identify the user while using the data, so has no issues with privacy law. Hania said, “It’s not that you don’t identity them, it’s that you could identify them with access to their data.”
Asking permission
Location data in a car context creates challenges because it is to be considered sensitive personal data – and could deduce where someone lives, and where they visit on a daily basis. Hania explained that this is considered sensitive information, meaning that the provider would need an explicit yes or no from the user.
Other common misconceptions regarding data privacy law is the ability to send, receive or use personal data when it is encrypted. However, Hania noted, “Whether encrypted or not, the data is still personal data, and the ability to pinpoint the user still exists.”
Crowd sourcing information for traffic management purposes also requires permission from the users of TomTom and similar devices, which TomTom goes about in a multilayered approach, meaning that owners are asked the information more than once, as part of the start-up wizard, every time a user changes the language on his device, and also every 12 months. This is done by TomTom to make sure that any new device users are aware of the data TomTom is requesting to use, and can opt out if they choose to.
As the car becomes more connected and works its way to becoming increasingly automated, Hania explained that for all of the required services to work together, there needs to be some compromise. He said, “We need to make sure the driver has knowledge and influence on this and that it can be gradual.”
An example of user knowledge when it comes to data is usage based insurance. Hania explained that if a driver can’t drive his car during the night then the insurance company should not be collecting information on where he is driving as well as when he is driving, due to the driver not being aware of this. Similarly, If a driver takes out a policy saying he’s not going to drive in the London area, it only needs to register when he does. He added, “You need to look at what data really needs to be taken from the car and when, and the company’s need to be aware what data they are allowed to take.”
Understanding Big Data from the very beginning
While data usage restriction laws and practices can become an issue, the key is for a company to make its data usage boundaries and conditions clear right from the start, not just as an afterthought. He said, “This way, the restrictions are not always restrictions, and can actually help a company engage with its user and make him willing to give data when he gets something in return for it such as a great, personalised service. However, he needs to be in control of how much data he releases and when.”
The future of Big Data
Even though companies such as TomTom need as much access to data as possible to advance developments in their fields, Hania explained that moving towards an acceptance from consumers is about being open and honest and avoiding eerie feelings. He said, “If you feel the need to hide something, you have an accident in the making.”
Hania added, “It’s uncharted territory in a way but we are getting there, and the car industry as a whole needs to move further towards explaining more of what they are doing with data and their data rights and restrictions, to allow and maintain trust in this area.”
He concluded, “Data is only useful when it’s big, and to create Big Data, we need to firstly gain consumer trust.”
Rachel Boagey
