Privacy and Liability
International regulations impose restrictions on the collection, storage, processing and dissemination of data relating to individuals and their behaviour. Individual national legislation is based on these principles. As information relating to the movement of individuals is used in ITS applications, these regulations impose obligations on network operators. (See Privacy)
Total anonymity is seldom a strong requirement from users; nevertheless, most users do require the operator to protect their privacy.
The privacy of the user is maintained if the following conditions are met:
- only relevant personal data needed for the opening of a service agreement or an account is requested from the user
- the itemised disclosure of the service consumption, for example on a toll road invoice, is an option that can be chosen by the user
- the network operator cannot disclose this information to third parties
In the context of traffic management, privacy is the need for travellers to be able to move freely without any other person being able to find out the time and place of travel. The privacy issue is different for private cars and for commercial vehicles and it is perceived very differently in different countries and cultures.
In general:
- private cars need some protection from unwanted monitoring by the government and authorities (“big brother syndrome”)
- commercial vehicles need to be protected from spying competitors
The privacy rules are the key to success or failure as illustrated by the following:
- Video Enforcement: Video imaging and electronic licence plate reading are efficient technologies that save manpower and enhance safety. In some countries, images may only be taken in a manner where the driver may not be recognised, whereas in other countries the driver must be recognisable for the image to be accepted as proof
- Electronic Fee Collection: EFC technologies try to avoid large toll plazas with barrier-equipped toll lanes and use virtual gantries instead (for example using GPS). In particular for urban road pricing, only non-barrier systems are acceptable if there is to be widespread use. Nevertheless, the toll operator or the access control authority must know which vehicle enters and exits a chargeable road. For the traceability of their records, the operator needs to store privacy-sensitive data
- Probe Vehicle: Traffic data gathered from moving vehicles are an excellent resource for traffic management. All vehicles equipped with EFC equipment or with navigation units (for example VICS in Japan) can provide on-line information on travel times in the network
The network operators who gather and use “confidential” data must ensure that the data is automatically rendered anonymous whenever possible. Encryption at source is required and data should be destroyed immediately after use. (See Data Ownership and Sharing)
Liability issues
To date the liabilities in traffic operations have been relatively clear cut:
- road and roadside equipment: liability rests with the network operator
- vehicles including on-board equipment: liability rests with the vehicle owner or the driver and in some cases the vehicle manufacturer
With the advent of new cooperative ITS applications, the border becomes fuzzier, because some applications are based on systems that have an in-vehicle as well as a road-side component and function only if both components are working. As long as the functions are not relevant for safety (for example Traffic and Traveller Information and Electronic Fee Collection systems), the liability issues are minimal.
It is totally different if in-vehicle driver assistance systems are introduced that include roadside components, for example:
- electronic traffic signs and signals
- electronic guidance and automated highways systems
Network operators cannot take over the liability for the functioning of the in-vehicle components because they have no control over their correct functioning, operation and maintenance. (See Driver Support and Liability)
From the network operator's standpoint there are only two ways to cope with this situation:
- keep redundant non-electronic systems in use (e.g. traditional road signs and signals) at the expense of additional costs and possible mismatches in the information
- offer an alternative facility and pass all risks of using the automated systems on to the user
Risk and Risk Mitigation
New technologies for traffic management often increase the risks for the operator. Network operators must assess these risks and provide the necessary counter-measures.
Among the possible risks are:
- faulty information technology (IT) systems or communication networks for traffic management, EFC and emergency services
- faulty or tampered-with in-vehicle equipment, e.g. tachograph and speed limit regulator in commercial vehicles, EFC on-board units
- faulty or tampered-with radio communication links, e.g. DSRC communication for EFC
- anti-radar or radar detector devices to avoid speed limit enforcement
- incorrect information from road users concerning incidents or traffic conditions
Security measures taken by the network operators must include:
- clear organisational structures and procedures
- quality assurance systems (ISO 9001) for network operators and all services involved in traffic management
- IT and communications network security, including data encryption
(See Security of ITS)