Privacy and Trust Are the Lifeblood of Digital Business #exsum13

To succesfully drive a car in this digital age we can rely on advanced navigational services but there really is more to that than just mapping the route. At the Sogeti Executive Summit 2013, Simon Hania, TomTom’s Chief Privacy Officer, made this very clear. His talk was on location services and privacy or using geolocation in a trustworthy and compliant way. Mr. Hania discerns four overlapping digital trends that tend to threaten privacy and trust: cloud computing, location services, the Internet of Things and Big Data. You all find these nowadays in what we call the Connected Car and the Cloud-Connected Car. TomTom is in the business of revolutionizing navigation with layers of information. Of course there are the base maps and for a start people can share them. TomTom focuses on allowing drivers to take the most efficient route based on proprietary IQ Routes and HD Traffic technology. Today, TomTom Traffic covers 99.9% of all roads. To create their services TomTom captures data from various sources: in-dashboard GPS, fleet GPS, app GPS, detector loops and cameras, and GSM among others. This is where the issue of privacy and trust comes in. TomTom operates a huge trip archive with anonymous location and speed information from their community. Each day, five billion speed measurements are being fed into the system, and it now contains five trillion measurements donated by customers that drove 50 billion kilometres, visiting every spot over a thousand times. For instance the exact travel time to a hospital may serve as a reality check that can help save lives, since there is a significant difference between a route based on theoretical maximum speed and real-world speed measurement. TomTom tracks where customers are coming from, what routes they take, the amount of drivers passing, and combines these data with other geo-based information sources for additional analysis. All over sudden in April 2011 rumor had it that TomTom would share Personally Identifiable Information (PII or personal data) with the police without their customers knowing. The company was eventually cleared of all data violation allegations but since this unfortunate incident communication around privacy and data protection has become a key priority. Informing users must be fully explicit, including opt-in. TomTom only uses community input with permission and is in the business of profiling roads and routes, not people. Companies should take the following seven Ps into account and be totally transparent in these contexts: Principles, People, Policies, Projects, Processes, Procedures, Paperwork. The vision: community input or crowdsourcing is strategic, and privacy helps to realize business objectives by ensuring trust, it being an integral part of business continuity above and beyond legal compliance. These six simple privacy questions are leading:

1. What data are we processing?
2. Why are we processing personal data?
3. When can we destroy the personal data?
4. Who will have access and will be accountable?
5. Where will we process and store the personal data?
6. Will we have a legitimate basis for processing?

Avoiding re-identification based on Personally Identifiable Information (PII) is key. For TomTom this means that it uses its historic trip archive only for road, traffic and related purposes; that there will be no access to raw data outside of TomTom; and that there is sufficient aggregation to make re-identification impossible. A ‘privacy czar’ should be appointed in every company to oversee that so-called Privacy by Design is being developed, implemented and controlled in the right way.