Talking Traffic relies on the exchange of data to deliver smart services to road users. At the same time, the users of Talking Traffic services must be certain that their personal details will be handled with the necessary care. Individual partners of Talking Traffic are required to handle all data to which they are given access with due care, and to ensure that that information is only used for its intended purpose. With that in mind, at individual companies and on a joint basis within Talking Traffic, technical and organisational measures have been taken.
Careful decisions were for example taken on which data is essential for the functioning of the chain. Wherever possible, the ‘privacy by design’ principle is employed according to which work is carried out on the basis of anonymous or anonymised data. This refers both to the processing of data for delivering functions to the chain and for example for carrying out effect measurements.
Only where essential for the functioning of the chain – for example in prioritising public transport – are data used and exchanged that (in combination with information from outside the chain) could be derived to an individual person. It is never the aim of the process to obtain information about a specific individual, but this is in theory possible by combining data sources. In these cases, measures have been taken to guarantee the privacy of road users, including agreements about which parties are authorised to use the information.
Via the privacy statement of their service provider, users of Talking Traffic services can obtain information about which personal details are processed and why.
To ensure that none of these aspects are forgotten within Talking Traffic, a privacy audit is carried out on a periodic basis. The aim of the audit is to ensure that the Partnership is truly ‘in control’ not only on paper but also in practice.
In this way, the Partnership Talking Traffic complies with the existing legislation and also complies in advance with the General Data Protection Regulation (GDPR) that will become effective in May 2018. The service providers within Talking Traffic satisfy stringent security requirements, and the data will be processed exclusively within the EU.
Security versus privacy
Security and privacy are often bundled together, and although not exactly the same thing, they can certainly influence one another. Potential security incidents, for example, can result in the unintentional accessibility to otherwise secured personal details. Unlawful access to personal details can in turn potentially result in a new security risk (for example via blackmail). To prevent this happening, the Talking Traffic partners have reached joint agreements on security and privacy [link to page security], and similar agreements are laid down by the individual (public and private) partners.