BRUSSELS – Every two minutes, TomTom navigation devices send their current location, down to a few feet, to the European company’s servers. That equals 5 billion bits of data a day, a grand total of 50 billion kilometers and 7 trillion data records since 2007.
And every one of those geo-location records—which include information such as vehicle speed, weather and time—is “sensitive personal data,” according to European government privacy officials. Why? Each TomTom device uses a distinct IP address, which can be traced to an individual owner.
This didn’t get any public notice until 2011, when an enterprising Dutch news outlet revealed that the country’s police had been accessing TomTom data to determine where to station traffic cops—not in areas with slow traffic, but locales where people were speeding. And even though the company makes the data anonymous and aggregates it for the purposes of providing traffic information, the controversy led to a public outcry and a government probe, in which the company was cleared of violating Dutch data protection laws.
“Drivers, police and TomTom all collided in the public arena,” recalled the company’s chief privacy officer, Simon Hania. “And we lost.” So the world’s leading provider of navigation devices made the difficult decision to address the problem head-on, rather than duck the issue, and sought agreement with government privacy officials across Europe on how to protect its data while continuing operations.
After much discussion and negotiation, the result is an elaborate system of informed consent in which each device user is presented dialogue screens explaining the information the device sends to company servers, and the uses made of it; the user must positively affirm his OK. All such data is anonymized as soon as practical—generally, each time the device is put on standby or data-sharing is turned off.
The latter feature—the fact the location-reporting function can be turned off—resulted from TomTom negotiations with French officials. “Like, when a politician is driving to his mistress’s apartment,” Hania joked to a rapt audience at last week’s European Union data privacy conference here, sponsored by the International Association of Privacy Professionals. The conference attracted 700 attendees who gathered to learn about impending new restrictions on data collection and management in the European Union.
The location data helps TomTom provide real-time traffic information to its users, and to government agencies such as highway managers. It also helps the €1.05 billion ($1.44 billion) company translate its data into useful information it can sell to other organizations, such as a presentation showing the trip origins of cars entering Frankfurt International Airport.
TomTom’s consultative approach with EU officials was one of the key lessons delivered by speakers at the conference: to reap profits from data services in the EU requires negotiating with member states about the specific use cases and personal data involved.
Generally expected to take effect in 2015, the new regulations will impose stiff duties regarding individual privacy and data protection on all companies and organizations that collect data in the EU—or about EU citizens. The latter criterion applies to the work of American tech giants such as Google and Microsoft, among others which had representatives at the Brussels gathering.
Informed Consent as a Selling Point
Though still being fashioned, the new rules are likely to require that data companies employ a chief privacy officer, such as TomTom’s Hania, whose job will be to safeguard individual data. Informed, explicit consent will be needed for all sensitive personal data—such as geo-location and shopping habits—and opt-out “consent” will not suffice. Strict protections against hacking will be necessary; anonymization, such as TomTom practices, will be encouraged.
Hania said TomTom achieves 80 percent success with its consent requests—and better than 90 percent in some countries. “We’ve made it clear to our customers that privacy is integral to our business—because it’s clear to us that privacy is essential to our business continuity,” Hania said. “I am constantly explaining to our American engineers—the data does not belong to us, it belongs to our customers. We use it under license from them.”
The fact that so many TomTom users trust the company with their location information reflects two key messages both presenters and attendees expressed at the conference—straightforward explanation of use and guarantee of care can be a market selling point rather than a disadvantage. And, with stiffer privacy regulation inevitable, uniform standards will be to everyone’s benefit.
“Frankly, if we had uniform regulations and procedures in 28 EU countries now, it would be far better than having to follow 28 different protocols—not to mention the U.S. market,” said Dr. Barbara Tomasi, European data protection director for inVentiv Health, a New Jersey-based clinical trials company that operates globally. “And if it’s the same for all companies, then no one bears a competitive disadvantage.”
And while American data privacy regulations are hodge-podge and inconsistent—some industries such as health care and financial services, face stiff standards, others almost none—many American companies are endeavoring to address the issue now, rather than later. San Francisco-based TRUSTe, for instance, helps more than 5,000 clients safeguard their customer data, and provides a seal clients can display on their customer interfaces.
“We help our clients safely collect and use data, and let their customers know that’s the case,” said Dave Deasy, TRUSTe’s vice president of marketing. “The key word is safely.”
No discussion of law is sensible without legal input, and attorneys at the conference all urged recognition of the fact that privacy compliance is not optional—legally or strategically.
“Your customer’s trust is your most valuable asset, and if you lose it you cannot get it back,” said Katharina Weimer, an attorney specializing in data protection law in the Munich office of Pittsburgh-based law firm Reed Smith.
“Our clients at first tend to want to avoid being transparent,” said Alex van der Wolk, an attorney with De Brauw Blackstone Westbrook in Amsterdam, where explicit consent is an absolute requirement for such activities as profiling the shopping habits of consumers.
“Ask for explicit consent? They think they’ll lose every customer,” said van der Wolk. “But in the end they find it can actually benefit their bottom line. Consumers are not sheep. If they agree to profiling, they will want and expect to receive appropriate offers—and if they do, they’ll buy.”