When should you anonymize data and when should you ask for consent?
Protecting users' data is not only desirable, but it is also a legal requirement. How can companies use data to create new services while safeguarding privacy?
A survey by HERE Technologies found that 80% of consumers do not fully trust that services collecting their location data will handle it as they should.
Almost the same number said that sharing their location data made them feel stressed, nervous, or vulnerable.
Concerns about data privacy persuaded Apple to launch its Day in the Life of Your Data and have attracted the attention of lawmakers in recent years.
It is clear organizations need to handle location data carefully, not least because they must comply with laws such as the EU's General Data Protection Regulation (GDPR).
But where does that leave companies such as car manufacturers who want to use location data to provide better services?
In the following examples, HERE360 looks at when you might want to ask for users' consent to use their data, and times when data anonymizing it is the best approach. Rather than simply being a choice between the two, some uses obviously lend themselves better to one or the other.
This is an issue for car manufacturers, which collect data to provide a multitude of services, from traffic information to driver behavior.
That data might be useful for third parties to create new services. But making sure this is provided in a way that is both lawful and keeps consumers happy is a challenge.
Speaking at HERE Directions 2020, HERE Technologies' Head of Industry Solutions Carsten Hurasky said: “There are dedicated electric and automated driving platforms which capture a lot of data. OEMs, tier ones – everybody in the value chain needs to make sure they know where data goes, making sure it's private, it's secure, is used for the right thing, and can drive additional services."
Getting consent
Third parties can use the data collected in this way to provide other services, but they need to get consent from the driver.
An example is insurance.
HERE Technologies' Global Data Privacy Officer Henri Kujala explained: “You may want to share your data with your insurance provider to get a premium, thanks to your safe driving style.
“Data about your driving behavior would be collected – but you as a user, driver or owner would be able to decide which provider to share this data with, or not."
HERE Consent Manager serves as an intermediary between the OEM and the requester – in this case, an insurance company, although it could be for many other uses as well.
It is a blockchain-based system designed to transparently validate and manage consent.
“It's about you managing your own data," Henri added.
Risk vs utility: a balancing act
Some organizations will want to use large amounts of data where the identity is not important, but the pattern or bigger picture shown by the data is important.
An example of this is real-time traffic services. It is not important for users to know who is in those vehicles to understand how congested the roads are. It is also information that can be stored temporarily. Unlike the example of car insurance, the data is not being used to build up a picture of a user's behavior over time.
This is the kind of service that can best comply with the law – and still provide a useful service – by anonymizing the data.
To paraphrase, GDPR says that data protection should apply to any information concerning an identified or identifiable person.
It is quite a broad definition and puts the emphasis somewhat on organizations to decide how best to protect the identity of individuals.
It also says that this does not apply to data that has been anonymized so that you cannot identify the individual.
What matters to organizations is being able to trust that the data is truly anonymous and secure in the EU and beyond.
“We are trying to provide customers with the means that they can be comfortable that the data is now de-identified, but still contains value for use.
“We can provide our customers with tools which help them perform de-identification and anonymization tasks," said Henri.
HERE Anonymizer is available on the HERE location platform to take advantage of its processing power and scale.
The analysis, visualization, and distribution of personal data can then all be achieved within the HERE location platform and HERE Marketplace.
Maximize the value of your data in an open, secure environment that gives you individual control.
Have your say
Sign up for our newsletter
Why sign up:
- Latest offers and discounts
- Tailored content delivered weekly
- Exclusive events
- One click to unsubscribe