EU Leader Warns of Privacy Issues with Intelligent Transport Systems

July 24, 2009 // Published as a news service by IHS

The plan was proposed by the European Commission (EC) and adopted in December 2008 to accelerate and coordinate ITS deployment in road transport and ITS connection with other modes of transport.

The plan consists of an action plan setting out priority areas for action and a proposal for a directive laying down the framework for their implementation.

The deployment of ITS has considerable privacy implications because these systems make it possible to track a vehicle and to collect a variety of data relating to European road users' driving habits.

The EDPS opinion included the following main recommendations:

• Clarification of responsibilities - It is crucial to clarify the roles of the different actors involved in ITS in order to identify who will bear the responsibility of ensuring that systems work properly from a data protection perspective - for example, who is the data controller?
• Safeguards for the use of location technologies - Appropriate safeguards should be implemented by data controllers providing ITS services so that the use of location technologies is not intrusive from a privacy viewpoint. This should notably require further clarification as to the specific circumstances in which a vehicle will be tracked, strictly limiting the use of location devices to what is necessary for that purpose, and ensuring that location data are not disclosed to unauthorized recipients.
• "Privacy by design" approach - The EDPS recommended to consider privacy and data protection from an early stage of the design of ITS to define the architecture, operation and management of the systems. Privacy and security requirements should be incorporated within standards, best practices, technical specifications and systems.

The EDPS noted that data protection was taken into consideration in the proposed legal framework and that it was also put forward as a general condition for the proper deployment of ITS.

However, the EDPS underlined that the EC's proposal is too broad and too general to adequately address the privacy and data protection concerns raised by ITS deployment in the member states of the European Union (EU).

In particular, it is not clear when the performance of ITS services will lead to the collection and processing of personal data, what are the purposes and modalities for which data processing may take place or who will be responsible for compliance with data protection obligations.

"There is a risk that the lack of clarity of the proposed legal framework will create diversity in the implementation of intelligent transport systems and will lead to considerable uncertainty, fragmentation and inconsistencies, due to different levels of data protection in Europe," said Hustinx.

"Further harmonisation of data protection issues at [the] EU level is needed so that the many benefits offered by those systems are not hampered by a lack of compliance with essential safeguards for data protection," he added.

Background
ITS apply information and communication technologies (satellite, computer, telephone, etc.) to transport infrastructure and vehicles with the intention to make transport safer and cleaner and to reduce traffic congestion.

ITS applications and services are based on the collection, processing and exchange of a wide variety of data, both from public and private sources, including information on traffic and accidents, as well as personal data, such as that on the driving habits and journey patterns of citizens.

ITS deployment will also rely to a large extent on the use of geolocalization technologies, such as satellite-positioning and radio frequency identification (RFID) tags.

As such, ITS constitute a "data-intensive area" and raise a number of privacy and data protection issues that should be carefully addressed in order to ensure the workability of ITS across Europe.

Source: European Commission (EC).