Privacy in intelligent transport systems

Similar documents
This privacy policy (the 'conditions') was last amended in May 2016.

APCOA ANPR solution in Norway. EPA Awards 2019 Category 4, Innovative schemes in parking

LEARNING FROM THE DUTCH: A DECADE OF EXPERIENCE USING INCENTIVISED TDM TO MODIFY BEHAVIOUR. Dr Colin Black

I. CATEGORIES OF PERSONAL DATA, PURPOSES AND GROUNDS FOR PROCESSING

HKT Financial Services (IA) Limited Privacy Statement

Intelligent Transport Systems Enabling the Smart Cities. Panagiotis Ioannou, Transport Solutions Expert

Complete this easy to use self assessment tool to find out if you do.

SMART TOLL COLLECTION USING QR CODE Digital Toll Payment

From 0 60: Privacy and the New Generation of Connected Cars The European Perspective

Project Title. Project Number. Privacy Impact Assessment

RFID AS A TOOL FOR SAFETY, SECURITY, PRIVACY AND CONVENIENCE FOR INTELLIGENT TRANSPORT SYSTEMS

PRICING STRATEGIES PRESENTED BY JEFFREY D. ENSOR MALAYSIA TRANSPORT RESEARCH GROUP TO THE NOVEMBER 25, 2003

Our parking management solutions that include:

Moscow Transport in the Smart City: Current Status and Development Plans

Preparing our Roadways for Connected and Automated Vehicles. 70th Annual Ohio Transportation Engineering Conference Bob Edelstein

Vehicle Tracking & Fleet Management Solution

The AutoPASS strategy: Electronic Toll Collection towards 2020

COMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION RECOMMENDATION. of

1. Understanding Big Data. Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview

OLA Privacy Policy for Australia

Mobile Privacy Principles

DRIVER ADDENDUM TO SERVICES AGREEMENT. Last update: October 20, 2015

Effective as of 25th May 2018 INTRODUCTION

Mobile Privacy Principles

ANEC POCKET GUIDE. Overview of Privacy Guidance for Consumer Representatives in standards technical committees. Key Principles

SAFECAP PRIVACY POLICY STATEMENT

Introduction A lot has been written about the level of detail appropriate for the RFID privacy impact assessment. Here we try to explain the evolution

PRIVACY POLICY. Your Village Pty Ltd ABN ( Steam Capital ) is committed to protecting your privacy.

Torino Piemonte Italy inspired for innovation. Think Up - ITS Solutions

P Drive_GDPR_Data Protection Policy_May18_V1. Skills Direct Ltd ( the Company ) Data protection. Date: 21 st May Version: Version 1.

VEHICLE REGISTRATION & TRACKING

a s y E l e c t r o n i c P a r k i n g ARKMOBILE

Internet copy

OCTOPUS THE NEXT GENERATION OF COMMAND AND CONTROL Summary

PRIVACY POLICY. VERSION 1.3 Keystone Property Finance 42 Kings Hill Avenue, Kings Hill, West Malling, Kent M19 4AJ

ITS Action Plan- Internet Consultation

ELECTRONIC TOLL COLLECTION (ETC) AT NATIONAL HIGHWAYS TOLL PLAZAS

Data Breach Notification Policy

Drive your business aims using ANPR

Personal data: By Personal data we understand all information about identified or identifiable natural ( data subject ) according to GDPR

Privacy Statement. Information We Collect

LEGAL ICT FACT SHEET PRIVACY AND MONITORING AT WORK UNDER THE GDPR 2 WHAT KIND OF PERSONAL DATA DOES AN EMPLOYER PROCESS?

Intelligent Transport Systems Deployment Why, What and How

Copyright 2018, Tech Mahindra. All rights reserved. WORKER PRIVACY NOTICE

closer look at Definitions The General Data Protection Regulation

DATA BREACH NOTIFICATION POLICY. Last Updated: Review Date:

STAFF PRIVACY NOTICE

RSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents

PRIVACY STATEMENT OF PAYROLL PROFESSIONALS BV

DRIVERS EXPERIENCE. Erik Babič Tomaž Konajzler Andrej Marsel Luka Lotrič Margarita Ivanova

Stanford University Offline Privacy Notice

a copy of the vehicle and owner data from the Swedish Road Traffic Registry.

APS Bank plc Data Privacy Policy

Background Checks HR-02-10

Integrated Truck Guidance. Intelligent flow control for inland ports, seaports, and airports as well as for freight distribution centersn

IDENTIFICATION SOLUTIONS

UoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.

Privacy Policy. 1. Introduction

Data Protection and Privacy Statement

Network Rail internal privacy notice

POLICY. Data Breach Notification Policy. Version Version 1.0. Equality Impact Assessment Status. Date approved 23 rd May 2018

RECRUITMENT PRIVACY NOTICE

Safety and security for automated driving

THE ACADEMY HAIR & BEAUTY LTD. PRIVACY POLICY 2018

EGIS SMART PARKING SOLUTIONS

TimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents

Freight transport policy and measures in Norway

the value of the m2m platforms offered Saas / in cloud Bo Ribbing Head of Sales Development Product Line Device Connections

Intergovernmental Group of Experts on Consumer Protection Law and Policy, First Session. Geneva, October 2016

CINCINNATI PUBLIC RADIO PRIVACY NOTICE FOR EU RESIDENTS

Northcliffe Surf Life Saving Supporters Association Inc. Privacy Policy

The Data Controller for all personal data stored and processed by Horiba MIRA Ltd is:

Privacy and Cookies Policy

Application for a Dispatcher s Licence

Electronic Toll Collection: Project Management and Implementation. Presented by Terry O Neill, Mott MacDonald e-toll Slovakia 06

Multi-modality assessments in promoting sustainable urban traffic

Exploration of IoT. Peter Lawther Chief Technology Office. 0 Copyright 2016 FUJITSU

RFID PRIVACY IN EUROPE Implications for Libraries. Paul Chartier Convergent Software Ltd. CILIP Conference, Nov 2012

Privacy Policy Policy App Subscription Dongle REMOTO REMOTO Package Bright Box Hungary Korlátolt Felelősségű Társaság Bright Box our Group

OpenBank - banking platform for e-money management based on blockchain technology (version 0.2)

Lease is more. What you need to know about why you should lease your fleet, rather than buy.

Why does AM collect personal information?

Celgene General Privacy Policy

AREA 1: SENSOR NETWORKS SOFTWARE, ARCHITECTURES AND APPLICATIONS

Privacy Statement for ING customers. Americas - May 2018

PASSPORT TO COMPLIANCE STAGE 1 PLANNING AND FEASIBILITY

DPIA List Germany Non Public Sector

APP. T: E: W:

My new Apple device will have a payment feature. How do I set it up?

Setterwalls Privacy Policy

MOBILITY MEETS BIG DATA

(a) (i) Define the term real-time. [2 marks]

RFID and Privacy Impact Assessment (PIA)

Warrant of fitness Inspecting organisation application

DISCOVER THE CASH BACK PROCESS FOR AUTOMATIC VAT RECOVERY WITH CONCUR EXPENSE


EU Regulation 2016/679, GDPR. GDPR, the DPA98 on Steroids

Take Control Don t let the Grey Fleet drag you onto the hard shoulder

PRIVACY POLICY OVERVIEW PERSONAL INFORMATION THAT WE COLLECT FROM YOU. We are committed to protecting and respecting your privacy.

Transcription:

Privacy in intelligent transport systems Trond Foss NTNU March 2017

Article 1 in The European Charter of Fundamental Rights (2009) "The dignity of man is untouchable. It is to respect and to protect" "Den menneskelige verdighet er ukrenkelig. Den skal respekteres og beskyttes." 2

The right to privacy The right to privacy is our right to keep a domain around us, which includes all those things that are part of us, such as our body, home, thoughts, feelings, secrets and identity. The right to privacy enables us to choose which parts in this domain can be accessed by others, and control the extent, manner and timing of the use of those parts we choose to disclose. Yael Onn, et. al., Privacy in the Digital Environment 3

Personal data Any information and assessments that may be linked to a natural Person Norwegian Personal Data Act (Personopplysningsloven 2 Definisjoner) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Personal data: Any information relating to an identified or identifiable natural person An identifiable person is one who can be identified, directly or indirectly, 4

Many ITS applications collect personal data 5

Data related to an ITS service User User information Name Address Date of birth Phone no. E mail Bank account no. Assets Vehicle with reg. no. On Board Equipment, e.g. AutoPASS tag Ticket media Loyalty card Mobile phone Driver license with national identity number Attributes Sex Ability (disability) Health data Biometric attributes Accident involvements Activities Place Time Transport means Transport service purchased Behaviour, e.g. driving behaviour Demerit Point system 6

Where do we find the personal data? 7

Three major challenges in ITS services? 1. Privacy 2. Security in ICT systems supporting the ITS services 3. Authorities, operators and users awareness in relation to security including privacy www.techzim.co.zw 8

Examples on privacy threats The ITS service User was there Electronic tracking of transport users (construction of travel patterns) Google maps The ITS service User is there now Registration of the presence of a person Person profiling Coupling of information from ITS with information in other systems Big Data 9

Some examples on where and when personal data may be collected 10

11 Electronic fee collection by means of an OBE and Automatic Number Plate Recognition (ANPR)

Electronic ticketing 12 NB! We have an industry norm in Norway!

Access control based on ANPR Foto: http://www.anpr tutorial.com/ 13

Parking payment and parking surveys based on OBE or ANPR 14 Foto: Parking Trend International June 2008

Traffic data collection based on OBE, ANPR and mobile phones ID Examples Individual speed Origin Destination matrixes Foto: Parking Trend International June 2008 15

Enforcement of Payment of fees, taxes and insurance based on ANPR Control of : Annual vehicle fee Insurance EU vehicle control Foto: NRK/NRK 16

Mobile unit for collection of traffic data (ASSET EU prosjekt) ASSET mobile unit is equipped with 3D camera, infrared camera and ordinary camera for collection of data from individual vehicles: Number plate data Time and place for road use Type of vehicle Vehicle dimensions Speed Headway Picture of vehicle front including number plate Usage of safety belt Foto: ASSET 17

Personal advertising based on ANPR A hidden camera reads the number plate and access the UK vehicle register to find the car make and model The driver is informed about which oil type to use for his vehicle referring to the license plate number of the vehicle Foto: www.safespeed.org.uk/ 18

19 Enforcement of non performing loans based on ANPR

Fleet management with vehicle tracking, real time applications, stolen vehicles and smart apps (e.g. Volvo OnCall) Volvo OnCall 20

Jamming of GPS privacy or crime? 21 Teknisk Ukeblad 12. mars 2014

Location based services Information about Services Points of Interest Public transport Driver assistance systems, e.g. route guidance 22

Pay as you drive Km, speed, driving behaviour Dinepenger.no 23

Security in ITS sub systems Potential attackers: Hackers Activists Terrorists Criminal organisations ITS service Users Operators Authorities Foreign powers Attacks against subsystems and interfaces 24

How to get access to the vehicles internal ICT system? www.canbushack.com www.hackaday.com 25 www.caranddriver.com itune Appstore

26

What is the awareness of authorities, operators and users? Literature review shows that : The awareness of safety and security in intelligent transport systems is limited and there is a gap that should be closed The awareness on privacy is better which probably is caused both by laws and regulations and more attention regarding privacy in other sectors, e.g. the health sector. 27

Could privacy be ensured in intelligent transport systems? 28

'The simplest is often the best' Avoid as far as possible collecting and/or using data that could be linked to a person In worst case, encrypt or make the data anonymous 29

Privacy by design shall be the default methodology Risk analysis Functional and technical requirements System design Specification and development of ITS applications should take place in close cooperation with the Data Inspectorate 30

Three very important principles Confidentiality data shall be protected against nonauthorised access (Konfidensiell) Integrity data shall not be changed between authorised sender and authorised receiver of the data (Integritet) Availability data shall be available when the ITS application requires the data (Tilgjengelighet) 31

Other principles User consent of the use of personal data Deletion of data as soon as they have served their purpose Transparency for the Transport user Transport user involvement Easy accessible and understandable description of the purpose of the data management Minimisation of the data collection Limited use of the collected data Personal data shall be correct, relevant, timely and complete The data shall be protected against loss and non authorised access, deletion and changes Revisions shall be carried through 32 Training of personal handling the data

Could privacy be ensured in intelligent transport systems? The answer is Yes, if Thank you for your attention! trond.foss@sintef.no 33

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback