ge Click to buy NOW! ITS Action Plan · Task 5.1 1 Information gathering and analysis 1.1 Collect...

ITS Action Plan

ToR 5.1Personal data protection andsecurity in relation to ITS

D2 – Intermediate Report12-06-2012Stefan Eisses, Rapp Trans

Click t

o buy NOW!

PDF-XChange

www.docu-track.com Clic

k to buy N

OW!PDF-XChange

www.docu-track.com

http://www.docu-track.com/buy/


2

Work breakdown

ITS Action Plan / Intermediate Report Task 5.1 / May 6th 2012

Task 5.1

1 Information gathering andanalysis

1.1 Collect and scaninformation on data

protection & ITS

1.2 Liaise withstakeholders

1.3 Analyze collectedinformation

2 Assessment of individual ITSapplications

2.1 Prepare frameworkof generic issues and

possible solutions

2.2 Assess individualapplications

2.3 Liaise withstakeholders

2.4 PrepareIntermediate Report

3 Stakeholder Workshop

3.1 Organize WorkshopEvent

3.2 Prepare material(paper, presentation)

3.3 Report & processworkshop results

4 Recommendations &Measures

4.1 Elaboraterecommendations &

measures

4.2 Prepare final report

0 Project Management

Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



3

Input documents

• European data protection legislation• The data protection directive• The ePrivacy directive• The proposed new regulation and directive

• Selected case law• Opinions of data protection supervisors and working groups

on specific data protection issues• Generic developments and aspects• Guidance on specific applications

• Results of European R&D projects• (Draft) Standards and Technical Reports from standardisation

bodies (CEN, ISO, ETSI)

ITS Action Plan / Kick-Off 1.4 / 24-04-2012

Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



4

Stakeholder input

• Other EC services (JRC, DG JUST, DG INFSO)• The EDPS• The Art. 29 WP (and their members)• The IWGDPT• FIA (and their members)• Ertico• Members of the iMobility forum, legal WG• National data protection supervisors (ICO, CNIL, IPRS)• The Dutch Ministry of Infrastructure and Environment• A number of private enterprises involved in ITS


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



5

Main findings – legislation

• Basis of data protection directive is adequate, yet:• Fragmentation through differences in national implementations• Inefficiencies due to different rules and procedures in case of cross-

border services• Proposed new EU data protection regulation:

• Refinements as to ‘unambiguous consent’, ‘right to be forgotten’• Enforcement: harmonised sanctions and liability• Easier procedures for outside EU processing• Concentrate effort on high-risk situations

ITS Action Plan / Kick-Off 1.4 / 24-04-2012

Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



6

Questionnaire ITS & privacy issues to Art. 29 WP

• Sent to the members (28 data protection supervisors) throughits secretariat hosted by DG JUST

• Mostly open questions, with a focus on ‘what are theproblems’

• 8 responses (apart from EDPS), of which• 3 x ‘we can’t support’• 3 x brief• 2 x very useful inputs (UK and Slovenia)


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



7

Potential main problems from questionnaire (1)

• Consistent outcomes when ‘locally’ balancing privacy againstother interests

• There should be room for a local assessment (Estonia)• In the private sector the question of proportionality is and will be one of

the most important questions of data protection (Slovenia)• In the UK we would not want to prevent innovation by restricting the

purposes of processing to necessity if there was no disproportionateeffect on privacy (UK)

• All issues listed are relevant and need to be considered. It is difficult torate them (SE).


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



8


• Different implementations of 95/46 between the memberstates

• Different national approaches but these all emanate from the sameEuropean law. The rules should be applied fairly consistently acrossEurope (UK)

• The proposed regulation should bring greater harmonization (SI)• Differences between member states won’t be changed by the

regulation (EE)


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



9


• Different data protection rules/procedures in member states,sometimes even conflicting.

• Yes. In terms of ITS as much as possible should be done at EU level inorder to avoid higher costs, diverging regimes (SI).

• No, we don’t see this as a problem because the mainunderstanding of data protection is the same in member states(EE)

• This can be the case, but rights and principles mostly appliedconsistently (UK).


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



10


• A well-considered consent is out of reach for consumers:privacy aspects packaged in lengthy contracts, conditions foruse etc.

• Yes. Therefore see our Code of Practice on Privacy Notices (UK).• Yes. We firmly agree. There is much room for improvement.

Existing privacy policy documents do not achieve transparancy(SI)

• We agree that this could be a problem (EE).


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



11

Potential main problems from WP29 quest. (5)

• Existing EU legislation not suited with dealing with thecomplex arrangements in the ITS service chains of today

• This may well be true, but it is hard to tackle this question. Anylegislation that is too particular is prone to be outdated very soon. Onlythe main data protection principles stand the test of time. (SI).

• We don’t see this as a major problem (EE).• We agree that the current legislation is now showing its age.

Challenges in terms of transparency and individuals’ control of theirpersonal data. We support improvements to the proposed directive thatmaintain a techno-neutral piece of legislation and a risk-basedapproach to safeguarding privacy (UK).


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



12


• Enforcement of personal data protection isinsufficient/ineffective

• Large differences between member states, in terms of competences,tasks and resources. Major problem: how to enforce proportionality inthe private sector – DPA have insufficient powers in this regard (SI).

• We don’t see this as a major problem (EE).• We do not wholly agree. Data protection authorities’ enforcement

activity sets societal standards which are usually adhered to (UK).


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



13

Questionnaire: further codes of practice useful?

• Further sector-specific rules may be required but this could impact onharmonisation. It may also result in additional uncertainty andcomplication rather than clarity (UK)

• In our view the co-operation between the industry and EU level entitlescould be improved. Codes of practice and other frameworks developedtogether might be the most appropriate tool, for example the recentlydeveloped RFID PIA framework (SI).

• It should be explored with the industry whether for other services theywould find it useful to have specific codes of conduct or guidance, inaddition to standardization (EDPS).


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



14

Other issues brought forward

• Privacy by Design: For example in the case of ETC an EUwide system should be developed and data protectionprinciples should be incorporated already from the designstages (SI).

• Serious considerations should be given to on-board devicesthat are capable of performing in anonymous modes/actingas data mediators/giving only as much data as needed for aparticular service (SI).


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



15

Criteria for selection of applications / application areas

• Potential privacy risks• Scale of deployment• Expected future development• Diversity of applications in the overall selection


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



16

Selected Applications

1. Digital Tachograph2. e-Call3. Road User Charging / EFC4. e-Ticketing in public transport5. Parking Payment services6. Pay-As-You-Drive insurance7. Section Speed Control8. Fleet Monitoring9. Traffic Data Collection10. Cooperative Systems


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



17

Individual Applications - main threat categories


Application Legal Basis Threat typeNr Name T1 T2 T3

1 Digital tachograph LB1 Low Low Medium2 eCall LB2 Low Low Medium3 Road user charging3a RUC DSRC LB1-3 Medium Medium Medium3b RUC ANPR LB1-3 Medium Medium Medium3c RUC GNSS LB1-3 High High High4 eTicketing LB2-3 Medium High High5 Parking payment5a Online parking LB2 Low Medium Low5b TVM parking LB3 Low Medium Low6 PAYD insurance LB2 High High High7 Section speed control LB1 Low Medium Low8 Fleet monitoring LB3 (LB2) High High High9 Traffic data collection9a FVD collection LB2 High High High9b FCD collection LB3 High High High9c Roadside collection LB3 Low High High10 Cooperative systems LB2 (LB1) High High MediumExplanation of codes:LB1 processing is necessary for compliance with a legal obligation originating from national or EU legislation (Art. 7, clause c)LB2 the data subject has given explicit consent for the processing of his personal data, mostly in the context of using of a voluntary serviceLB3 processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the

data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subjectwhich require protection

T1 Unauthorised access to personal data, by eavesdropping, unauthorised actions of staff, hacking etcT2 Re-use of personal data beyond the legally defined purpose or beyond the scope of the consent of the data subjectT3 Excessive processing, i.e. processing more personal data than required for the purpose.

Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



18

Individual applications - personal data categories


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



19

Individual applications – privacy enhancing measures


Application Important privacy enhancing measuresNr Name M1 M2 M3 M4 M5 M6 M7 M81 Digital tachograph2 eCall3 Road user charging3a RUC DSRC3b RUC ANPR3c RUC GNSS4 eTicketing public transport5 Parking payment services5a Online parking payment5b TVM parking payment services6 PAYD insurance7 Section speed control8 Fleet monitoring9 Traffic data collection9a FVD traffic data collection9b FCD traffic data collection9c Roadside traffic data collection10 Cooperative systems

M1 - anonymisationM2 - pseudonymisationM3 - data minimisationM4 - domain separationM5 - user consent mechanismsM6 - deletion immediately after initial processingM7 - distributed processingM8 - data subject control

Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



20

Applicable privacy enhancing measures

• Anonymisation:• remove/avoid traceability to an individual• relevant in e-ticketing, FCD, FVD

• Pseudonymisation:• use short-lived identities to avoid association of longer traces to an

individual• particularly relevant in cooperative systems

• Distributed processing:• process sensitive details only in the on-board equipment or user device• particularly relevant for PAYD-insurance, Digitach, GNSS-based road

user charging• may be combined with (some) user control over local data


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



21

Applicable privacy enhancing measures (2)

• Domain separation:• keep usage details and customer details in separate

domains/organisations• applicable in RUC, e-ticketing, parking payment

• Immediate deletion:• delete data locally and immediately or anonymise the data• particularly relevant for section speed control, floating vehicle/cellular

data for traffic measurement• Data minimisation:

• only acquire/process data that are really needed for the purpose / thespecific service

• generally applicable, particularly relevant for PAYD insurance, e-ticketing, multi-purpose on-board platforms


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



22

Privacy by Design and PIA

• Privacy by design• Important to incorporate privacy requirements and PET design in the

development process• Ignoring privacy aspects in the design will lead to either suboptimal

solutions, difficult costly modifications at a later stage and probablyboth...

• How do we get the concept of PbD transferred from the legal to thesystem development domain ??

• Privacy Impact Assessment• Important tool to enable a risk-based approach• Start of a balanced set of protection measures• Avoid unnecessary restrictions, costs


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



23

Location data challenges

• More and more mobility data processed:• E-ticketing, E-payment for parking, route guidance and floating car

data, road user charging deployed on a ever increasing scale• New species of applications around the corner: cooperative systems• Systems/applications becoming more complex and interwoven

• Mobility data also processed in application areas beyond ITS:• Ever growing use of personal mobile devices, never turned off• Variety of applications and options: user does not know the impact of

his choices• Solutions often far from optimal from a privacy point of view


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



24

Next steps

• Stakeholder workshop on June 12th

• Feedback on Intermediate Report findings• Suggestions as to areas for improvement• Suggestions as to measures

• Task 4 and Final Report (september)• Define concrete measures to improve the observed weaknesses of

current situation• Generic measures relevant for ITS• Measures targeted at specific ITS applications


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



25

Thanks for your attention

ITS Action Plan / ToR 1.1 kick-off meeting / 19 Jan. 2010

Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



2626

Data aggregation concept

Core OBE

GNSS

+ other

sensors

Trusted

Element

Signed aggregations

Position, time, ...

Contains keys,IDCompliance

Checking

data

DSRC

comms

Long range

comms

Increments per tariffcategory SIGNED

Details accessible

for OBE holder

Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



27

Key questions

1. What is the state-of-the-art concerning security and personaldata protection aspects related to the handling of data in ITSapplications and services in Europe?

2. In particular, which measures, rules and procedures exist orhave been applied so far to deal with the data protectionissues of ITS applications and services?

3. What ITS applications, or types of ITS applications, are themost subject or prone to data protection issues, or wouldrequire specific measures to address those data protectionissues? Why is it so?

4. Which specific measures (legal, technical, organizational)would be required to guarantee the protection of personaldata in ITS applications or services, while not prohibiting thedevelopment of novel applications and services?


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



28

Issue of application specific guidance on data protection

• When too generic: little added value to the legislation itself• When too specific: only limited to a specific subclass of

cases OR requires elaboration of many variants


Click t

o buy NOW!

PDF-XChange


k to buy N

OW!PDF-XChange

www.docu-track.com



Date post:	15-Aug-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

ge Click to buy NOW! ITS Action Plan · Task 5.1 1 Information gathering and analysis 1.1 Collect...

Documents