Data Protection for Mobile Mapping
Mobile Mapping providers need to be aware of data protection laws (like GDPR, CCPA), public perception and social responsibility. Here are the facts.
Mobile mapping is the process of collecting geospatial data from a mobile vehicle or a drone typically fitted with a range of photographic, radar, laser, LiDAR or any other remote sensing systems. The primary output from such systems includes GIS data, 3D models, digital maps, street-level and aerial imagery. The last two often contain faces, bodies and license plates.
Mobile Mapping and Personal Data
Art. 4 of the GDPR defines “personal data” as:
... any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Considering that face and body are the most fundamental and highly visible elements of our identity, they fall under the definition of personal data. Similarly, license plate numbers can be used to trace the identity of the subject. Thus, specific measures are necessary to comply with legal requirements.
Most privacy laws around the world are consent-based, i.e. they require explicit consent from the data subject. It seems obvious to just get the consent to begin with. But for a large imagery dataset, getting explicit consent from hundreds of thousands, or even millions, of individuals could be time-consuming and costly.
However, according to Recital 26, “this Regulation (GDPR) does not, therefore, concern the processing of such anonymous data”, defining anonymized data as “data rendered anonymous in such a way that the data subject is not or no longer identifiable.”
If data is anonymized, no consent is required.
Anonymization for Mobile Mapping
Anonymization is a better solution because it preserves privacy while drastically reducing operational costs. Current state-of-the-art methods of image and video anonymization include:
- Masking (2nd face from left)
- Pixelation (3rd face from left)
- Blurring (4th face from left)
- Replacement (last face from left)
Among them, blurring emerged as the de-facto standard anonymization method. In fact, companies like Google, Microsoft and Apple are using it to protect individuals’ privacy.
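To make the first three methods concrete, the following added example (not from the original post and not Celantur's code) applies masking, pixelation and blurring to one bounding box of a small constructed grayscale image. The box is assumed to come from an upstream face or license-plate detector, and all function names are illustrative.

```python
# Added illustration: region-level anonymization on a grayscale image stored
# as a list of rows of 0-255 ints. box = (x0, y0, x1, y1), end-exclusive.

def mask(img, box, fill=0):
    """Masking: overwrite every pixel in the box with one constant value."""
    x0, y0, x1, y1 = box
    out = [row[:] for row in img]
    for y in range(y0, y1):
        for x in range(x0, x1):
            out[y][x] = fill
    return out

def pixelate(img, box, block=3):
    """Pixelation: replace each block x block tile in the box by its mean."""
    x0, y0, x1, y1 = box
    out = [row[:] for row in img]
    for ty in range(y0, y1, block):
        for tx in range(x0, x1, block):
            ys = range(ty, min(ty + block, y1))
            xs = range(tx, min(tx + block, x1))
            mean = sum(img[y][x] for y in ys for x in xs) // (len(ys) * len(xs))
            for y in ys:
                for x in xs:
                    out[y][x] = mean
    return out

def blur(img, box, radius=2):
    """Blurring: box filter, each pixel in the box becomes the mean of its
    (2*radius+1)^2 neighbourhood, clipped at the image border."""
    x0, y0, x1, y1 = box
    h, w = len(img), len(img[0])
    out = [row[:] for row in img]
    for y in range(y0, y1):
        for x in range(x0, x1):
            ys = range(max(0, y - radius), min(h, y + radius + 1))
            xs = range(max(0, x - radius), min(w, x + radius + 1))
            out[y][x] = sum(img[j][i] for j in ys for i in xs) // (len(ys) * len(xs))
    return out

def distinct_values(img, box):
    """Crude measure of detail left inside the box after anonymization."""
    x0, y0, x1, y1 = box
    return len({img[y][x] for y in range(y0, y1) for x in range(x0, x1)})

# Constructed 12x12 sample: a bright 4x4 "face" on a dark gradient background.
IMG = [[250 if 4 <= x < 8 and 4 <= y < 8 else (x + y) * 5 for x in range(12)]
       for y in range(12)]
BOX = (3, 3, 9, 9)  # assumed detector output around the face
```

On this sample, distinct_values reports 1 value left in the box after masking and 3 after pixelation with block=3, while blurring leaves a smooth gradient of many values.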
Celantur offers a GDPR-compliant solution to automatically blur large amounts of images and videos using deep learning-based anonymization and scalable cloud architecture. Thereby we anonymise personal data like faces, bodies, license plates and vehicles.
Our product is developed specifically for Mobile Mapping and works well with imagery from various systems:
- Trimble MX9
- Trimble MX 7
- Leica Pegasus:Two
- GeoSLAM ZEB Discovery
- NavVis VLX
- and many more
All in all, it offers the highest quality and scalability, and is open for integration with third-party systems.
Data Protection: Costs and Implications
According to Deloitte, almost 78% of European citizens are aware of their privacy rights.
Moreover, as claimed by Datagrail, companies should prepare to process approximately one request for every 5.000 - 10.000 individuals each year. Manually processing a high volume of privacy requests is likely to cost anywhere from €1289,30 per request.
Manually processing a single request for deletion can cost around €1289,30.
Another risk is fines. Last year, the Swedish data protection authority (DPA) fined the Skellefteå High School Board SEK 200,000 (approx. €18,600) for using facial recognition technology to verify 22 pupils' attendance in lessons for three weeks.
In particular, the DPA highlighted that the school had violated several articles of the General Data Protection Regulation, including:
- Article 5 for personal data processing which is excessive to requirements
- Article 9 for processing biometric data without a valid reason
- Article 35 for failure to complete a Data Protection Impact Assessment ('DPIA')
- Article 36 for failure to consult with the DPA prior to the processing of personal data
Why is a small fine handed out to a remote town important? Because it demonstrates that, in order to successfully implement a mapping solution, you must focus on meaningful consent or anonymization to ensure secure and compliant adoption.
Social Responsibility & Public Perception
Mobile mapping equipment mounted on cars and drones is not always seen positively by the public. In fact, according to the European Aviation Safety Agency (EASA), 40% of surveyed people view drones negatively. Safety, privacy and environment are the main concerns for societal acceptance.
In some countries, pedestrians may feel observed and monitored when seeing a Mobile Mapping vehicle in public.
Privacy is a main concern for societal acceptance
When Google announced in August 2010 that it would map the streets of Germany's 20 biggest cities by the end of that year, the outrage was huge. Some of Google's camera cars were vandalised. A 70-year-old Austrian who didn't want his picture taken threatened the driver of one with a garden pick.
Overall, this may cause the company severe PR damage. For this reason, privacy is not only a matter of legislation, but also an ethical duty to society.
A good practice to prevent this is so-called "privacy by design": companies and organisations implement technical and organisational measures (e.g. anonymization) at the earliest stages of product/operation design, in a way that safeguards privacy and data protection principles right from the start.
This is the first blog post of a series. If you are working on a mobile mapping solution, feel free to get in touch with us via email for a free consultation.