Data Protection for Mobile Mapping
Mobile Mapping providers should be aware of data privacy implications when collecting, processing and sharing panorama and planar imagery.
This article is a beginner's guide to Data Protection for Mobile Mapping. If you're interested in more details, check our advanced version.
Mobile Mapping at a Glance
Mobile mapping is the process of collecting geospatial data from a mobile vehicle or a drone typically fitted with a range of sensors:
- Positioning (GNSS, GPS)
- Other remote sensing systems
The primary output from such systems includes GIS data, 3D models, digital maps, street-level (panorama and planar) and aerial imagery.
Mobile Mapping & Data Protection Laws
Recently, regulators have put significant effort into creating frameworks that protect personal data from misuse and breaches by companies and organizations. Europe was at the forefront of data privacy laws with the General Data Protection Regulation (GDPR).
GDPR is not an isolated case: other jurisdictions adopted privacy laws before and after it came into force, including Canada (PIPEDA), South Korea (PIPA), Japan (APPI), California (CCPA) and Brazil (LGPD), just to name a few.
However, data protection goes beyond regulatory duty. Citizens sometimes react negatively to being filmed without giving consent, and this lack of transparent communication can cause significant loss of reputation.
Every public and private organization that handles personal information needs to comply by adapting its technical and legal processes to match these standards.
For example, the city of Vienna released a public tender (September 2019) to map the entire city. The tender specified in detail the technical requirements the winning bidder has to meet when processing the data:
- Blurring of full-body and license plates
- Automated Anonymization using Deep Learning
- 99% detection rate
- No systematic errors
- A low number of false detections (false positives)
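The tender criteria above (detection rate, false positives, no systematic errors) are measurable. The following is an added example, not code from the page or from any anonymization vendor, showing how a buyer could verify them: it matches a detector's bounding boxes against hand-labelled ground truth using intersection-over-union (IoU) and reports the detection rate overall and per object class. All boxes and labels are constructed sample data; the `0.5` IoU threshold and the `face`/`plate`/`body` class names are assumptions for the illustration.

```python
"""Evaluate anonymization detections against labelled ground truth.

Added example (not vendor code). Boxes are (x, y, w, h) in pixels.
A detection counts as a hit when its IoU with an unmatched ground-truth
box is at least IOU_THRESHOLD; anything else is a false positive, and
every unmatched ground-truth box is a miss (false negative).
"""

IOU_THRESHOLD = 0.5  # assumed acceptance threshold

# Constructed sample data: (box, class) pairs labelled by a human reviewer.
GROUND_TRUTH = [
    ((10, 10, 30, 30), "face"),
    ((100, 40, 60, 20), "plate"),
    ((200, 20, 40, 80), "body"),
    ((300, 50, 25, 25), "face"),
]

# Constructed detector output: three hits, one spurious box, one face missed.
DETECTIONS = [
    (12, 11, 28, 30),
    (102, 42, 58, 18),
    (205, 25, 35, 70),
    (400, 400, 20, 20),
]


def iou(a, b):
    """Intersection-over-union of two (x, y, w, h) boxes."""
    ax1, ay1, aw, ah = a
    bx1, by1, bw, bh = b
    ix1, iy1 = max(ax1, bx1), max(ay1, by1)
    ix2, iy2 = min(ax1 + aw, bx1 + bw), min(ay1 + ah, by1 + bh)
    inter = max(0, ix2 - ix1) * max(0, iy2 - iy1)
    union = aw * ah + bw * bh - inter
    return inter / union if union else 0.0


def evaluate(ground_truth, detections, iou_threshold=IOU_THRESHOLD):
    """Greedy one-to-one matching; returns counts and per-class detection rates."""
    matched = set()
    false_positives = 0
    for det in detections:
        best_score, best_idx = 0.0, None
        for idx, (gt_box, _) in enumerate(ground_truth):
            if idx in matched:
                continue
            score = iou(det, gt_box)
            if score > best_score:
                best_score, best_idx = score, idx
        if best_idx is not None and best_score >= iou_threshold:
            matched.add(best_idx)
        else:
            false_positives += 1

    per_class = {}
    for idx, (_, cls) in enumerate(ground_truth):
        hit, total = per_class.get(cls, (0, 0))
        per_class[cls] = (hit + (idx in matched), total + 1)

    tp = len(matched)
    return {
        "true_positives": tp,
        "false_negatives": len(ground_truth) - tp,
        "false_positives": false_positives,
        "detection_rate": tp / len(ground_truth) if ground_truth else 1.0,
        # A class whose rate lags far behind the others points to a systematic error.
        "per_class_rate": {cls: hit / total for cls, (hit, total) in per_class.items()},
    }


def meets_tender(result, min_rate=0.99, max_false_positives=0):
    """Check a result against a minimum detection rate and false-positive budget."""
    return (result["detection_rate"] >= min_rate
            and result["false_positives"] <= max_false_positives)


if __name__ == "__main__":
    res = evaluate(GROUND_TRUTH, DETECTIONS)
    print(res)
    print("meets 99% requirement:", meets_tender(res))
```

On the constructed data the detector finds 3 of 4 objects (75% detection rate) with one false positive, and the per-class breakdown shows that both misses fall on faces, which is the kind of systematic weakness the tender rules out. On a real acceptance test the ground truth would be a statistically meaningful sample of the delivered imagery rather than four boxes.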
Handling Data the Right Way
Art. 4 of the GDPR defines “personal data” as:
... any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Similarly, other data protection regulations such as the CCPA (California), PIPEDA (Canada) and APPI (Japan) regulate personal data more or less strictly. Generally speaking, these regulations define personal data as:
Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular subject.
Since face and body are the most fundamental and highly visible elements of our identity, they fall under the definition of personal data. Similarly, license plate numbers can be used to trace the identity of a subject.
Most of these privacy laws are consent-based, i.e. they require explicit consent from the data subject. Obtaining consent up front seems the obvious route. But for a large imagery dataset, getting explicit consent from hundreds of thousands, or even millions, of individuals is time-consuming and costly.
However, according to the Recital 26, “this Regulation (GDPR) does not, therefore, concern the processing of such anonymous data”, defining anonymized data as “data rendered anonymous in such a way that the data subject is not or no longer identifiable.”
If data is anonymized, no consent is required.
Anonymization for Mobile Mapping
Anonymization is a better solution because it preserves privacy while drastically reducing operational costs. Current state-of-the-art methods of image and video anonymization include:
- Masking (2nd face from left)
- Pixelation (3rd face from left)
- Blurring (4th face from left)
- Replacement (last face from left)
Among them, blurring has emerged as the de facto standard anonymization method: companies like Google, Microsoft and Apple use it to protect individuals' privacy.
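To make the four methods concrete, here is an added example (not code from the page or from any vendor) that implements masking, pixelation, blurring and replacement on a rectangular region of a grayscale image, plus two checks a practitioner wants after anonymization: the region no longer contains its original pixels, and nothing outside the region was altered. The image is a constructed deterministic pattern standing in for a photo; the block size, blur radius and the gradient used as a stand-in for a synthetic replacement face are assumptions.

```python
"""Four image-region anonymization methods on a pure-Python grayscale image.

Added example, not vendor code. An image is a list of rows of ints 0..255;
a box is (x, y, w, h). Each method returns a new image and writes only
pixels inside the box.
"""


def make_sample_image(width=16, height=16):
    """Constructed stand-in for a photo: a deterministic, non-uniform pattern."""
    return [[(r * 37 + c * 91) % 256 for c in range(width)] for r in range(height)]


def copy_image(img):
    return [row[:] for row in img]


def mask(img, box, value=0):
    """Masking: overwrite the region with a solid colour."""
    x, y, w, h = box
    out = copy_image(img)
    for r in range(y, y + h):
        for c in range(x, x + w):
            out[r][c] = value
    return out


def pixelate(img, box, block=4):
    """Pixelation: replace each block*block tile by its mean intensity."""
    x, y, w, h = box
    out = copy_image(img)
    for by in range(y, y + h, block):
        for bx in range(x, x + w, block):
            rows = range(by, min(by + block, y + h))
            cols = range(bx, min(bx + block, x + w))
            mean = sum(img[r][c] for r in rows for c in cols) // (len(rows) * len(cols))
            for r in rows:
                for c in cols:
                    out[r][c] = mean
    return out


def blur(img, box, radius=2, passes=3):
    """Blurring: repeated box blur (approximates a Gaussian). Neighbours outside
    the box are read so the edge blends, but only pixels inside are written."""
    x, y, w, h = box
    out = copy_image(img)
    height, width = len(img), len(img[0])
    for _ in range(passes):
        src = copy_image(out)
        for r in range(y, y + h):
            for c in range(x, x + w):
                rs = range(max(0, r - radius), min(height, r + radius + 1))
                cs = range(max(0, c - radius), min(width, c + radius + 1))
                out[r][c] = sum(src[rr][cc] for rr in rs for cc in cs) // (len(rs) * len(cs))
    return out


def replace(img, box, pattern=None):
    """Replacement: swap the region for synthetic content. A generated face
    would be supplied as `pattern`; a vertical gradient is the assumed stand-in."""
    x, y, w, h = box
    out = copy_image(img)
    for r in range(h):
        for c in range(w):
            out[y + r][x + c] = pattern[r][c] if pattern else r * 255 // max(h - 1, 1)
    return out


METHODS = {"mask": mask, "pixelate": pixelate, "blur": blur, "replace": replace}


def anonymize(img, boxes, method="blur"):
    """Apply one method to every detected box (e.g. faces, plates)."""
    fn = METHODS[method]
    for box in boxes:
        img = fn(img, box)
    return img


def region_pixels(img, box):
    x, y, w, h = box
    return [img[r][c] for r in range(y, y + h) for c in range(x, x + w)]


def region_changed(original, anonymized, box):
    """True if the region no longer carries its original pixel values."""
    return region_pixels(original, box) != region_pixels(anonymized, box)


def outside_untouched(original, anonymized, box):
    """True if every pixel outside the box is identical (no collateral edits)."""
    x, y, w, h = box
    return all(original[r][c] == anonymized[r][c]
               for r in range(len(original)) for c in range(len(original[0]))
               if not (y <= r < y + h and x <= c < x + w))


if __name__ == "__main__":
    photo, face = make_sample_image(), (4, 4, 8, 8)
    for name in METHODS:
        out = anonymize(photo, [face], name)
        print(name, region_changed(photo, out, face), outside_untouched(photo, out, face))
```

Masking and replacement destroy the original pixels outright; pixelation and blurring keep low-frequency information, which is why the block size and blur strength have to be large enough for the object size in the image, and why a verification step like `region_changed` belongs in any automated pipeline.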
How anonymization should be done
That being said, we recommend asking yourself the following questions when looking for an anonymization solution that fits your needs:
✓ What needs to be anonymized?
✓ How many images need to be anonymized?
✓ Is anonymization time-critical?
✓ Cloud vs. on-premise anonymization solution
✓ What type of images should be anonymized?
✓ Data privacy and security due diligence
✓ Automated blurring solution vs. manual labour
Want to know how to choose your image blurring solution? Check our complete checklist.
When Anonymization is not in place: Costs and Implications
According to the GDPR, a company can be punished in two ways if it does not comply with the regulations:
- Fine (art. 83): up to € 20 million or, in the case of a company, up to 4% of the total annual turnover achieved worldwide.
- Compensation (art. 82): calculated case per case by the National Data Protection Authority (DPA)
In 2019, the Swedish data protection authority (DPA) fined Skellefteå High School Board SEK 200,000 (approx. €18,600) for using facial recognition technology to verify the attendance of 22 pupils in lessons over three weeks.
In particular, the DPA highlighted that the school had violated several articles of the General Data Protection Regulation, including:
- Article 5 for personal data processing which is excessive to requirements
- Article 9 for processing biometric data without a valid reason
- Article 35 for failure to complete a Data Protection Impact Assessment ('DPIA')
- Article 36 for failure to consult with the DPA prior to the processing of personal data
Why is a small fine handed out to a remote town important? Because it demonstrates that, to implement a mapping solution successfully, you must focus on meaningful consent or anonymization to ensure secure and compliant adoption.
While fines are the most common form of penalty (by the end of August 2020, European data protection authorities had imposed fines totalling €490 million), compensation claims might be much more costly.
A real-life example is the Austrian Postal Service (Österreichische Post), which produced political profiles of around 2 million customers without consent. At the end of the trial, it was sentenced to pay an €18 million fine. In addition, possible damage claims were estimated at €1.76 billion (€800 per customer).
Want to know about all the GDPR fines in your country? Check the GDPR Tracker.
Moreover, as claimed by Datagrail, companies should prepare to process approximately one request for every 5.000 - 10.000 individuals each year. Manually processing a high volume of privacy requests is likely to cost around €1289,30 per request.
Manually processing a single request for deletion can cost around €1289,30.
Mobile mapping equipment mounted on cars and drones is not always seen positively by the public. In fact, according to the European Aviation Safety Agency (EASA), 40% of surveyed people view drones negatively. Safety, privacy and the environment are the main concerns for societal acceptance.
In some countries, pedestrians may feel observed and monitored when they see a Mobile Mapping vehicle in public. This may cause severe PR damage to the company, since citizens might react in disagreeable and aggressive ways.
Privacy is a main concern for societal acceptance
When Google announced in August 2010 that it would map the streets of Germany's 20 biggest cities by the end of that year, the outrage was huge. Some of Google's camera cars were vandalised. A 70-year-old Austrian who didn't want his picture taken threatened the driver of one with a garden pick.
Transparent communication of how data will be collected (and protected) plays a key role in mitigating potential disagreements or uncontrolled reactions.
- Mobile Mapping Systems capture imagery containing faces, bodies and license plates. According to data protection laws, these objects are personal data.
- Most data protection regulations are consent-based. However, anonymization is a more cost-effective way to comply with data protection laws.
- Blurring is the de-facto standard anonymization method.
- Fines, data deletion requests and PR damages might be costly for your company.
Celantur offers fully-automated image and video anonymization solutions to help companies and organizations comply with privacy laws. Our technology detects several object types to be anonymized, such as faces, bodies, license plates, vehicles and facades, and automatically blurs them:
✓ We anonymize all kinds of RGB-imagery: planar, panorama and video
✓ Our cloud platform is capable of anonymizing around 200.000 panoramas per day and 90.000 video frames per hour.
✓ Industry-grade anonymization quality: detection rate up to 99%
Data Protection Standards
Data protection is our core business. That's why, as a data processor, we have robust measures in place to comply with the GDPR and other data protection laws:
- Images are processed in GDPR-certified data centres in the European Union
- External Data Protection Officer at service
- All data and storage devices are encrypted
- Annual Data Protection Audit
- Up-to-date Documentation: Technical and Organizational Measures ("TOMs"), Records of Processing Activities and Data Processing Agreement
On request, we offer our magnetic shield, allowing you to mitigate possible concerns about data collection and processing by communicating that identities are protected and anonymized through our service.