Tom tom - Location services and privacy | Simon Hania @ VINT symposium THINGS 2013
  Speaker notes for slide 6 (data sources):
  • Animated, updated GSM, supersized image
  • Range of different sources, to enable reliable traffic detection on all roads in all situations
  • Quality of each source is important: precision of location (GPS better than GSM) and update frequency (logged every 2-5 s, uploaded roughly every 2 minutes)
  • LIVE PND are connected TomTom GPS navigation devices
  • In-dash navigation currently limited to Europe (Renault, Fiat, Mazda)
  • iPhone data is only from users of the TomTom navigation application on the device, and GPS trace data is only passed to TomTom if the user subscribes to LIVE services and the device is docked in the TomTom holder
  • Business Solutions is the TomTom unit focused on connected products for fleet owners (delivery vans, maintenance cars, etc.)
  • 3rd-party GPS data only used in selected countries (USA, South Africa & New Zealand)
  • GSM probes only active in 8 countries (notably not in the USA)
  • Incident data = journalistic data describing the cause of the congestion/delay, e.g. an accident
    1. Location services and privacy: using geolocation in a trustworthy and compliant way. Simon.Hania@tomtom.com
    2. Trends that threaten trust
    3. Connected cars with downloadable apps: location services, cloud, internet of things, big data
    4. Revolutionising navigation in 4 steps: 1. Base maps, 2. Map Share, 3. IQ Routes, 4. TomTom HD Traffic
    5. TomTom Traffic coverage: it covers up to 99.9% of all roads
    6. Creating TomTom HD Traffic: data sources. A range of high-quality real-time data sources
    7. TomTom's trip archive: anonymous location and speed information from the TomTom user community. 5 billion (10^9) speed measurements per day; 5 trillion (10^12) speed measurements to date, by customers driving 50 billion kilometres and visiting every spot over 1,000 times.
    8. Travel times to hospital (map of London): based on real-world measurements vs. based on theoretical maximum speeds. The reality check that can help to save lives.
    9. Origin/Destination analysis. Example: trips with Frankfurt Airport as destination.
       • Where are your customers coming from?
       • What routes do they take?
       • How many drivers are passing?
       • Etc.
       • Combine with other geo-based data sources for additional analysis
    10. Drivers, police & TomTom: an explosive mixture
    11. Location privacy is top of mind with bloggers, press, regulators, enforcers, legislators and many users alike.
       • TomTom investigated by a leading European Data Protection Authority in 2011
       • TomTom's use of location data is in accordance with EU Data Protection Laws
       • Processing and delivery to third parties 100% OK
       • Informing users needed to be more explicit, including opt-in
    12. Community input, with permission: we profile roads, not people
    13. How to enact? Nothing totally new, really (slides 13-18 are also used internally):
       1. Principles: what everyone should know
       2. People: they make the difference, for good and bad
       3. Policies: like high-level requirements
       4. Projects: where everything is put together
       5. Processes: what we use to stay predictable
       6. Procedures: exist to avoid re-inventing wheels
       7. Paperwork: document everything properly
    14. TomTom & Privacy. Vision: community input (crowdsourcing) is strategic; privacy helps to realize business objectives by ensuring trust; privacy is an integral part of business continuity, above and beyond legal compliance. Principles:
       1. Avoid unpleasant surprises: customer insight is paramount; be open and explain (hesitation is an omen); keep it simple
       2. The customer remains in control of his personal data: we have it "on loan"
    15. Privacy Policies, Standards & Guidelines: 7 key objectives
       1. We assess our intended use of personal data (PD) early to drive requirements
       2. We document PD: purpose, legitimate ground, retention, access, jurisdiction(s)
       3. We ensure we have obtained or will obtain informed user consent
       4. We minimize the amount of PD (volume and time) and who has access: we de-personalize or destroy PD as soon as possible
       5. We keep ensuring adequate security measures based on a risk assessment of confidentiality, integrity and availability
       6. We do not expose PD to any third party, unless the third party contractually agrees to comply with our policies (or the law forces us)
       7. We enable the user to exercise his rights (information, access/download, correction, deletion)
    16. The 6 privacy questions
       1. What personal data are we processing?
       2. Why are we processing personal data?
       3. When can we destroy the personal data?
       4. Who will have access and will be accountable?
       5. Where will we process and store the personal data?
       6. Will we have a legitimate basis for processing?
    17. Privacy, amongst others, is about the protection of personal data. Personal data:
       • Contains (whatever) information relating to a natural ("real") person
       • That person could be identified, directly or indirectly
       • Typically: data attached to unique identifiers
       Anonymous only:
       • When no reasonable way exists to identify ("single out") a person
       • Even when requiring correlation with other data sources (e.g. maps and phonebooks)
       • By anyone with the right resources
    18. Typical personal data misconceptions, very often present in technology companies
       • We do not identify the user while using the data, so we have no issues with privacy law
       • We only use the serial number of the user's device, so the data is anonymous and we have no issues with privacy law
       • We encrypt the data, so we are no longer using/receiving/sending personal data
       • We use hashes to replace all serial numbers, so the data is now anonymous and we have no issues with privacy law
       • We anonymize the data, so we are not using personal data
       • We can use the users' data for anything we want, as long as we keep the data to ourselves
       • Look: big-name companies are doing the same, so we are OK
    19. Can location data be anonymous? Research indicates: hardly ever
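As an added example (not TomTom's code and not part of the talk), the following Python script shows two of the misconceptions from slide 18 failing in practice, and why slide 19 says location data is hardly ever anonymous. Part 1 reverses an unkeyed SHA-256 of a device serial by enumerating the serial space, and contrasts it with a keyed hash. Part 2 takes trips keyed by an unlinkable pseudonym, infers each pseudonym's home and work grid cells from commute timing, and correlates them with a resident list and an employee list (the "phonebook" of slide 17) to a single name. The serial format TTnnnnnn, the HMAC key, the coordinates, the names and both lists are constructed assumptions.

```python
"""
Added example, not TomTom's code: two ways a "hashed, anonymous" trip
archive re-identifies drivers. All serials, coordinates, residents and
employee lists below are constructed for the demonstration.
"""
import hashlib
import hmac
import math
from collections import Counter, defaultdict
from typing import Optional

# ---- 1. Hashing a small identifier space is a lookup table, not anonymity.
# Hypothetical serial format: "TT" followed by six digits (10^6 values).
SERIAL_SPACE = 10 ** 6


def pseudonym_sha256(serial: str) -> str:
    """The misconception: 'we replaced serials by hashes, so it is anonymous'."""
    return hashlib.sha256(serial.encode()).hexdigest()


def reverse_sha256(pseudonym: str) -> Optional[str]:
    """Anyone who knows the serial format can enumerate every candidate."""
    for n in range(SERIAL_SPACE):
        candidate = f"TT{n:06d}"
        if pseudonym_sha256(candidate) == pseudonym:
            return candidate
    return None


def pseudonym_hmac(serial: str, key: bytes) -> str:
    """Keyed hash: without the key there is nothing to enumerate against.
    The data is still pseudonymous (personal data) while the key exists;
    destroying the key is what breaks the link back to the serial."""
    return hmac.new(key, serial.encode(), hashlib.sha256).hexdigest()


# ---- 2. Even unlinkable pseudonyms leak home and work from trip patterns.
def cell(lat, lon):
    """~100 m grid cell (three decimals of a degree), enough to name a building."""
    return (math.floor(lat * 1000), math.floor(lon * 1000))


# Constructed places (Amsterdam-area coordinates, no real addresses implied).
HOME_A, HOME_B = (52.3731, 4.8921), (52.3652, 4.9113)
WORK_1, WORK_2 = (52.3094, 4.7632), (52.3411, 4.8712)
LUNCH = (52.3401, 4.8805)


def commute_trips(pseudonym, home, work, days=3):
    """Constructed trip records: (pseudonym, hour, start, end) with GPS jitter."""
    trips = []
    for d in range(days):
        j = 0.0001 * d  # jitter stays inside the ~100 m cell
        h = (home[0] + j, home[1] + j)
        w = (work[0] + j, work[1] + j)
        trips.append((pseudonym, 7 + d % 2, h, w))   # morning commute
        trips.append((pseudonym, 17 + d % 2, w, h))  # evening commute
    trips.append((pseudonym, 12, work, LUNCH))        # noise: a lunch trip
    return trips


KEY = b"\x00" * 32  # constructed; a real key would be random and protected
ARCHIVE = (
    commute_trips(pseudonym_hmac("TT004242", KEY), HOME_A, WORK_1)
    + commute_trips(pseudonym_hmac("TT910001", KEY), HOME_A, WORK_2)
    + commute_trips(pseudonym_hmac("TT377310", KEY), HOME_B, WORK_1)
)


def infer_home_work(archive):
    """Home: where morning trips start and evening trips end; work: the reverse."""
    home_votes, work_votes = defaultdict(Counter), defaultdict(Counter)
    for pseud, hour, start, end in archive:
        if hour < 10:
            home_votes[pseud][cell(*start)] += 1
            work_votes[pseud][cell(*end)] += 1
        elif hour >= 16:
            work_votes[pseud][cell(*start)] += 1
            home_votes[pseud][cell(*end)] += 1
    return {p: (home_votes[p].most_common(1)[0][0],
                work_votes[p].most_common(1)[0][0]) for p in home_votes}


# Constructed "phonebook"-style sources an adversary could correlate with.
RESIDENTS = {cell(*HOME_A): {"Alice", "Bob"}, cell(*HOME_B): {"Carol"}}
EMPLOYEES = {cell(*WORK_1): {"Alice", "Carol", "Dave"}, cell(*WORK_2): {"Bob"}}


def identify(archive):
    """Residents of the inferred home cell who also work in the inferred work cell."""
    return {p: RESIDENTS.get(h, set()) & EMPLOYEES.get(w, set())
            for p, (h, w) in infer_home_work(archive).items()}


if __name__ == "__main__":
    print(reverse_sha256(pseudonym_sha256("TT004242")))   # TT004242
    print(reverse_sha256(pseudonym_hmac("TT004242", KEY)))  # None
    print(identify(ARCHIVE))  # every pseudonym resolves to exactly one name
```

Part 1's fix (a keyed hash with a protected, rotatable key) is an improvement over a bare hash, but by slide 17's definition the result is still personal data as long as the key exists. Part 2 shows the harder problem: with no identifier at all, a few days of commute timing plus two public lists single each driver out, which is why slide 20 relies on aggregation rather than on hiding identifiers.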
    20. Avoiding re-identification is key. TomTom has a strict code of conduct to adhere to privacy laws:
       • Historic trip archive only to be used for road, traffic and related purposes
       • No access to raw data outside TomTom, ever
       • TomTom performs the processing
       • TomTom ensures re-identification is impossible, e.g. through sufficient aggregation
       (Figure on the slide; only its labels "1 month" and "1 day" survive in the transcript.)
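As an added example (not TomTom's code), this Python script shows one concrete reading of "sufficient aggregation" from slide 20 and of "we profile roads, not people" from slide 12: raw probe points keyed by a device pseudonym are folded into per-road-segment, per-hour speed profiles, and any cell seen by fewer than k distinct devices is withheld instead of published. A naive variant that thresholds on the number of points rather than the number of devices is included to show why the distinction matters. The threshold k = 5, the segment names and the sample points are assumptions; the slide gives no number.

```python
"""
Added example, not TomTom's code: fold raw probe points into road profiles
("we profile roads, not people") and suppress cells that still single out
a driver. Segment ids, the threshold and all points are constructed.
"""
from collections import defaultdict
from statistics import median

K_MIN_DEVICES = 5  # assumed; the talk says "sufficient aggregation" without a number

# Constructed raw probe points: (device_pseudonym, road_segment, hour_of_day, speed_kmh).
RAW_POINTS = [
    # Busy motorway segment at 08:00, six different devices: a road profile.
    ("d1", "A10-E", 8, 45), ("d2", "A10-E", 8, 50), ("d3", "A10-E", 8, 55),
    ("d4", "A10-E", 8, 60), ("d5", "A10-E", 8, 50), ("d6", "A10-E", 8, 48),
    # Same segment at 03:00, one night driver logging a point every few seconds:
    # many points, but only one device, so this cell describes a person.
    *[("d7", "A10-E", 3, 120 + i) for i in range(10)],
    # Residential street at 08:00, two devices: too few to publish.
    ("d1", "Dorpsstraat", 8, 28), ("d8", "Dorpsstraat", 8, 31),
]


def naive_profile(points, min_points=5):
    """The pitfall: thresholding on point count publishes the lone night driver."""
    cells = defaultdict(list)
    for _dev, seg, hour, speed in points:
        cells[(seg, hour)].append(speed)
    return {c: median(s) for c, s in cells.items() if len(s) >= min_points}


def road_profile(points, k=K_MIN_DEVICES):
    """Aggregate per (segment, hour), keep only cells with >= k distinct devices,
    and emit no device identifiers in the output."""
    speeds, devices = defaultdict(list), defaultdict(set)
    for dev, seg, hour, speed in points:
        speeds[(seg, hour)].append(speed)
        devices[(seg, hour)].add(dev)
    return {
        c: {"n_devices": len(devices[c]), "median_kmh": median(speeds[c])}
        for c in speeds if len(devices[c]) >= k
    }


def suppressed_cells(points, k=K_MIN_DEVICES):
    """Cells withheld from publication, for the minimisation log (no speeds, no devices)."""
    all_cells = {(seg, hour) for _d, seg, hour, _s in points}
    return sorted(all_cells - set(road_profile(points, k)))


if __name__ == "__main__":
    print(naive_profile(RAW_POINTS))   # includes ("A10-E", 3): the night driver leaks
    print(road_profile(RAW_POINTS))    # only ("A10-E", 8) survives
    print(suppressed_cells(RAW_POINTS))
```

The published structure carries only a segment, an hour, a device count and a median; the raw points and pseudonyms never leave the processing step, which matches the "no access to raw data outside TomTom" bullet. Counting distinct devices rather than points is the check that stops a single chatty device from becoming its own "road profile".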
    21. Lessons learnt
       • It is about trust and credibility, not about privacy or laws:
         • "Anonymous" and "aggregated" are evasive terminology
         • Data given in good faith, used against me
         • Be prepared to explain and take action, even if that hurts
       • Have your act together:
         • Avoid squirrel (hoarding) behavior: data minimization is key
         • Tell what you do with your users' data and stick to it
         • Be able to produce all relevant documentation in a very timely manner
         • Co-operate with privacy regulators, don't fight them
    22. Recommendations
       • Incorporate data protection requirements from the start
       • Take a multi-disciplinary approach: it is about your "license to operate in the information society"
       • Embed "privacy by design" into development processes
       • Document your data: "what, why, when, who, where"
       • Consider law enforcement/e-discovery implications
       • Appoint a "privacy czar" in your organization