Do you know exactly how much of your data is being collected, by whom, and for what purposes? Our data protection experts examine how much information is collected when you are travelling.
If you watch the popular TV show Hunted, you’ll know that the government can use CCTV, ANPR (Automatic Number Plate Recognition), GPS and Oyster cards to track individuals’ movements. But it’s not just the state that can follow us as we go about our daily lives.
In August 2019, Mercedes-Benz sparked a privacy row when it admitted that it used tracking devices covertly installed in its cars to effectively spy on drivers and pinpoint a vehicle’s exact location. According to Mercedes, the sensors are only used in “extreme circumstances”. This includes when a customer has defaulted on a payment. In such instances, Mercedes would activate the tracker and share car owner information and vehicle location details with bailiffs and car recovery firms.
Worryingly, many people who bought a car from Mercedes had no idea that the car manufacturer could use their data this way.
At Keller Postman UK, we would argue that such surveillance is legally very concerning. Not least because tracking a car without the driver’s knowledge is illegal under EU data protection laws.
“Any company that handles personal data should explicitly disclose how this information is gathered and how it could be used. In the case of Mercedes, there has been a shocking lack of transparency when it comes to how it is processing personal data. Yes, there are details about the sensors in the extensive terms and conditions, but Mercedes is undoubtedly aware that these are often misunderstood or not read at all. As such, we believe that the company is playing fast and loose with the data privacy rights of its customers”.
Kingsley Hayes, Keller Postman UK
Apps that supply data to insurance companies are also raising privacy concerns. For example, car insurance companies are experimenting with charging for insurance based on an individual’s actual driving rather than statistics and algorithms. So, people would let their insurance company watch them drive via an app and then receive a quote based on their actual driving history. But there are significant privacy concerns with this approach. Not least because to work, such apps will have to monitor drivers at all times and cannot be switched off.
For many, a reduction in insurance premiums might be worth it. But we must know what we are signing up to. Because, with a wealth of data to track, where does this stop?
It’s not at all unlikely that, in the future, insurance-based technology could examine the music you listen to or the restaurants you drive to and use this data to make assumptions about you and your driving habits. We should also think about how this information might be shared with third parties.
In 2018, the Information Commissioner’s Office (ICO) fined Uber £385,000 following a data breach that Uber covered up for a year. In this case, the personal details of approximately 2.7 million UK customers were accessed by hackers. This included full names, email addresses and phone numbers. The records of almost 82,000 UK drivers were also taken during the incident.
“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen. At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”
Steve Eckersley, Director of Investigations, ICO
Like other transport providers, airlines must also ensure that sensitive passenger information is kept secure. But customer privacy does not seem to have been a priority after a series of data protection failures at the airlines.
According to reports, passengers using the London Underground network are to be tracked via the WiFi beacons on their smartphones. TfL said it would use the data to determine how commuters use the network and send targeted information about avoiding congestion. The move comes following a trial of the system in 2016.
However, as well as using the data to improve its service, experts predict that TfL will commercialise this data. For example, by pricing advertising based on footfall.
While Tfl states that it has “pored over” guidance provided by the ICO, it also believes that it is not subject to GDPR because there is no way of directly identifying an individual from their phone signal. Whether that remains the case is yet to be seen, but this could have long-term privacy implications unless a security-first approach is adopted.
You might expect to be free from data collection when you are on foot or on your bike. But in our connected online world, this is far from the truth. Your exposure to data harvesting depends on the number and type of smart devices that you own and the apps that you use. But today’s intelligent devices have the potential to collect a vast amount of data about you.
For example, cyclists have been warned about sharing data on ride-tracking apps because they could be helping bike thieves. Also, Google could be keeping a detailed record of your exact movements. In fact, it could know everywhere you have ever been! Check here to make sure your location history is turned off.
And it is not just your own technology you have to think about. The ICO was said to be ‘deeply concerned’ about how AI surveillance systems were being used in central London. In this case, it was revealed that hundreds of thousands of people were being secretly spied on by face-recognition systems. The area watched included King’s Cross railway station. The ICO launched an investigation after concerns about this mass surveillance were reported in the media.
“Scanning people’s faces as they go about their daily business is a potential threat to privacy that should concern us all. That is especially the case if it is done without people’s knowledge or understanding.”
Elizabeth Denham, Information Commissioner, ICO
Our world is rapidly changing, and technology is here to stay. So, we would not recommend not using smart devices or apps, especially as they can deliver enormous benefits. But when signing up for any new service, it is vital to check the small print and make sure you understand how your data is being used.
We have launched a group action against Capita. Group actions can be a powerful tool… Read More
Here are some of the questions our data protection experts have been asked about our… Read More
We have launched a group action against 2plan. Group actions can be a powerful tool… Read More
What happened in the 2plan data breach? Find out in our latest blog and claim… Read More
We have launched a group action against Southern Water. Group actions can be a powerful… Read More
Here are some of the questions we have been asked about our Southern Water data… Read More