
CTS Report

July 2006

Research Conference Coverage

Privacy policies needed to build trust for transportation projects

Colin Bennett


Transportation is brimming with opportunities for improving safety and efficiency through technology, but some of these approaches involve capturing private data. Americans fear and distrust this data collection, said Colin Bennett, the opening speaker at the annual CTS research conference, yet unlike other developed countries, the United States lacks national data-privacy standards. Until this vacuum is filled, Bennett said, organizations and researchers must set and clearly communicate their own privacy policies to gain trust for their work.

Bennett, professor and chair of the Department of Political Science at the University of Victoria in British Columbia and a self-described “privacy wonk,” was followed by comments from three local panelists: Marthand Nookala, assistant administrator of public works with Hennepin County; Dan Murray, vice president of research with the American Transportation Research Institute (the not-for-profit research arm of the trucking industry); and Ken Keller, Charles M. Denny Jr. Professor of Science, Technology, and Public Policy at the Humphrey Institute of Public Affairs and a former University of Minnesota president.

“It has been a mythology,” Bennett began, “that since 9/11…security issues in the U.S. tend to trump privacy issues.” A recent poll shows that 70 percent of Americans worry about the invasion of their privacy through new technology, higher than the percentage in Australia (64 percent), Great Britain (59 percent), and New Zealand (57 percent). “This issue does resonate,” he said.

There are three types of justifications for privacy in western societies, Bennett explained. First is the right of a person to have a zone of personal privacy in which to engage in private affairs. Second is a political value, a check against powerful state and private-sector organizations. Third is an instrumental value, he said, “to ensure that the right data about us are used by the right people for the right purposes.” Privacy serves as an instrument for institutions to build consumer trust and engage in interactions such as e-commerce. “When we have privacy and an ability to control the personal information that relates to us,” he said, “we can ensure that other rights and obligations and services are rendered correctly.”

A number of assumptions lie behind information policy, Bennett believes. Key is that there is no “inherently sensitive” data; privacy problems only occur in the way information is used. For example, it is appropriate for your doctor to ask for your medical information but not to announce it at a conference. “It’s the context that produces the risk,” he said. Second, there are no data property rights; without context, personal information has no value. And third, information privacy is more than data security—a database could be completely secure but still violate privacy if the information was collected illegally.

In the 1960s and 1970s, Bennett said, experts developed information privacy principles (see table), which were commonly agreed to in other countries and adopted in the rules of many organizations.

By now, more than 30 countries have enacted comprehensive data-protection laws based on these principles, Bennett said—but not the United States (bills were in Congress at the time of the presentation). The American approach has been to develop policies for sectors or particular industries, he said, creating a “very complicated patchwork of legislative provisions at the state and federal level.”

For enforcement, most advanced industrialized nations have data-protection oversight agencies whose sole responsibility is privacy—again, with the exception of the United States (and a few others), Bennett said. The United States tends to rely on voluntary compliance and enforcement through the courts, if necessary.

Amid this patchwork, new mobile technologies are placing a range of jobs and individuals at risk of privacy violation. Newer cell phones are equipped with emergency (E911) locators; mobile workers such as truck drivers, couriers, and postal workers can be tracked by management; parents can track teen drivers (see related article on page 4); and rental car agencies can monitor customers’ speed, location, and other data.

Owners of new vehicles are another category for which privacy issues have arisen. At least two-thirds of new vehicles come equipped with event data recorder (EDR), or “black box,” technology, mostly for automatic collision notification. GM was the first to begin installing EDR, in about 1998, Bennett said, with “little fanfare and with little notification.”

Although EDR offers many social benefits, Bennett said, manufacturers didn’t plan how the information would be used. Issues arose, and people began asking questions about the extent and transparency of the information. “Is it enough to [describe EDR] on page 57 of the owner’s manual?” Bennett asked. “Who owns that data? What about the accuracy, completeness, and quality of the data? Is it admissible in court? Can it be released to researchers…mechanics…insurance companies? What obligations do they have?”

EDR is following the pattern that usually plays out with privacy controversies, he added. First, information is collected without open privacy policies; gradually, stories appear in the media (the June 8 Minneapolis Star Tribune featured an article about EDR); civil libertarians become involved; and privacy policies are set—in this country, by the states. (Nine states have privacy laws, and legislation is pending in 12 others, including Minnesota.)

In countries that have comprehensive privacy policies, organizations operate within a known legal framework. Until such a framework exists in the United States, Bennett concluded, “it’s incumbent on organizations to do a number of things: be proactive, to anticipate; to not identify individuals in the data; and to be transparent, open, and clear about data purposes and uses.”

(For more about Bennett’s work and his upcoming book, see his Web site at http://web.uvic.ca/poli/bennett.)

Privacy Principles:

  • Accountability
  • Purpose identification at time of collection
  • Informed consent for collection
  • Limited use and disclosure
  • Retention limitation
  • Data quality
  • Data security
  • Openness about policies and practices
  • Individual access and correction