OEMs and mobility service providers are increasingly using data from vehicles to reduce emissions, manage traffic, avoid crashes, and support many other use cases. While the benefits of vehicle data for individuals, communities, and society are clear, so are the privacy risks posed by the collection, usage, and sharing of personal information.
Personally Identifiable Information, or PII, has become an important term in the quickly evolving landscape of data privacy in general and specifically in vehicle data. PII is commonly defined as information that can be used to distinguish or trace an individual’s identity, while information that is anonymous and cannot be used to trace the identity of an individual is referred to as non-PII.
Vehicle data includes PII
Vehicle identification number (VIN), location data, car heading, and trip origination and termination points may all provide a view into drivers’ private lives. Personal use cases that require information about a specific vehicle in order to provide a service, such as parking solutions, usage-based insurance, roadside assistance, electric vehicle charging services and the like, can only process the data in compliance with legal and technical requirements such as GDPR or CCPA. Aggregate use cases, such as traffic management, mapping, location intelligence, and others that process de-identified and aggregated vehicle data, are not covered under personal data protection laws.
De-identified, yet usable data is the holy grail
For aggregate use cases, the holy grail is vehicle data that has been de-identified, aggregated, and secured in a way that eliminates privacy risk to drivers while preserving the value of the data. Blurring techniques are ideal for de-identification. Specific vehicle identifiers, such as VIN, can be removed from the data set and replaced by random IDs. Truncating a portion of the data, such as degrees of precision in location coordinates, can help with removing private identifiers, but it can also strip out value. For example, while blurring location can be useful for media measurement applications, it may render the data useless for traffic management applications that need high location accuracy to determine traffic load at a specific location.
Enforcing strong de-identification while enabling a variety of aggregate use cases is a challenge. This added complexity requires unique algorithms that enable multiple blurring techniques to be applied dynamically, preserving value for each specific use case.
Maximizing the commercial value of de-identified data
The Otonomo Dynamic Blurring Engine is a secure, independent, cloud-based service for OEMs. It’s designed for personal data de-identification that guarantees drivers’ privacy and regulatory compliance and ensures that raw OEM data is deleted to avoid a privacy breach.
Multiple blurring techniques are utilized to protect drivers’ PII, while preserving the data value and usability for a diverse range of mobility applications and services.
The dynamic blurring process
The dynamic blurring process starts with identifiable vehicle data streams from the OEMs.
The initial de-identification phase replaces the vehicle’s VIN with an arbitrary vehicle ID, which is replaced again after every configurable period of time (12 hours, 24 hours, etc.).
The next dynamic blurring phase is tailored to the OEM requirements and may include trip-level blurring and/or geo-location blurring. Trip-level blurring replaces the vehicle’s VIN for every trip, where a trip starts with an engine on and ends with an engine off. Additional dynamic logic may entail the removal of the datapoints at the beginning of every trip (measured by either elapsed time or elapsed distance).
The blurred data created by the Data Blurring Engine is aggregated with blurred data from additional sources to eliminate tracing back to the source. This geo-density blurring leverages Otonomo’s multi-OEM access, to maximize data utilization.
The blurred data can be fine-tuned based on OEM, local regulations, and other applicable privacy policies.
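A minimal sketch of the phases described above (a new random ID per period or per trip, removal of the first datapoints of each trip, and truncation of coordinate precision), added here as an illustration and not Otonomo's implementation. The record layout, the function name `blur_stream`, its parameters and the sample values are assumptions; trimming is done by elapsed time only.

```python
import math
import secrets

def blur_stream(records, period_s=12 * 3600, trip_level=False, trim_s=0, decimals=None):
    """De-identify time-ordered records: dicts with vin, ts (epoch seconds),
    lat, lon and an optional event of 'engine_on' or 'engine_off'."""
    ids = {}         # (vin, scope) -> random ID; kept in memory only, never exported
    trip_start = {}  # vin -> timestamp of the engine_on that opened the current trip
    out = []
    for r in records:
        vin, ts = r["vin"], r["ts"]
        if r.get("event") == "engine_on":
            trip_start[vin] = ts
        start = trip_start.get(vin)
        if r.get("event") == "engine_off":
            trip_start.pop(vin, None)  # trip closes after this record
        if start is not None and ts - start < trim_s:
            continue  # drop points close to the trip origin
        if trip_level and start is not None:
            scope = ("trip", start)             # new ID for every trip
        else:
            scope = ("period", ts // period_s)  # new ID every rotation period
        vid = ids.setdefault((vin, scope), secrets.token_hex(8))
        lat, lon = r["lat"], r["lon"]
        if decimals is not None:                # truncate coordinate precision
            f = 10 ** decimals
            lat, lon = math.trunc(lat * f) / f, math.trunc(lon * f) / f
        out.append({"vehicle_id": vid, "ts": ts, "lat": lat, "lon": lon})
    return out

# Constructed sample: one vehicle, two trips inside one 12-hour period.
SAMPLE = [
    {"vin": "TESTVIN0000000001", "ts": 1000, "lat": 48.137154, "lon": 11.576124, "event": "engine_on"},
    {"vin": "TESTVIN0000000001", "ts": 1030, "lat": 48.137954, "lon": 11.577124},
    {"vin": "TESTVIN0000000001", "ts": 1200, "lat": 48.141154, "lon": 11.580124},
    {"vin": "TESTVIN0000000001", "ts": 1500, "lat": 48.150154, "lon": 11.590124, "event": "engine_off"},
    {"vin": "TESTVIN0000000001", "ts": 5000, "lat": 48.150154, "lon": 11.590124, "event": "engine_on"},
    {"vin": "TESTVIN0000000001", "ts": 5400, "lat": 48.160154, "lon": 11.600124, "event": "engine_off"},
]

if __name__ == "__main__":
    for row in blur_stream(SAMPLE, trip_level=True, trim_s=60, decimals=3):
        print(row)
```

Raising `trim_s` or lowering `decimals` strengthens the blurring but reduces location accuracy, which is the per-use-case trade-off the text describes.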
Privacy compliance done right
Sufficiently addressing driver privacy concerns is paramount to developing a sustainable vehicle data ecosystem. Otonomo Dynamic Blurring Engine gives OEMs a quick and straightforward solution for securely sharing de-identified vehicle data and making it accessible to multiple apps and services.
With Otonomo Dynamic Blurring Engine, OEMs can effortlessly meet driver expectations for data privacy and remain fully compliant with the various privacy policies and regulations. Applications and service providers can gain quick access to high-quality blurred data for a greater number of use cases, without the risk of exposing drivers’ PII. The greater potential for data utilization facilitates new and recurring revenue streams for OEMs.
Architected for security and privacy by design, Otonomo’s platform complies with even the most stringent data privacy regulations including GDPR and CCPA, ensuring all parties are protected and companies remain compliant across multiple geographies.