1. Location services and privacy
Using geolocation in a trustworthy and compliant way
Simon.Hania@tomtom.com

2. 2
Trends that threaten trust

3. 3
Connected cars with downloadable apps
Location services, cloud, internet-of-thing, big data

4. 4
4. TomTom HD Traffic
3. IQ Routes
2. Map Share
1. Base maps
Revolutionising navigation
In 4 steps
4. TomTom HD Traffic
3. IQ Routes
2. Map Share
1. Base maps
4. TomTom HD Traffic
3. IQ Routes
2. Map Share
1. Base maps
4. TomTom HD Traffic
3. IQ Routes
2. Map Share
1. Base maps

5. 5
TomTom Traffic coverage
It covers up to 99.9% of all roads

6. 6
Creating TomTom HD Traffic: data sources
Range of high-quality real-time data sources

7. TomToms trip archive
Anonymous location and speed information from the
TomTom user community
5 billion (10E9) speed measurements per day
5 trillion (10E12) speed measurements to date!
by customers driving 50 billion kilometres
and visiting every spot over 1,000 times

8. 8
Travel times to hospital
Based on real world
measurements
LONDON
Based on theoretical
maximum speeds
The reality check that can help to save lives

9. Origin/Destination analysis
9
Example: Trips with Frankfurt Airport as destination
• Where are your
customers coming
from?
• What routes do they
take?
• How may drivers are
passing?
• Etc.
• Combine with other
geo-based data
sources for additional
analysis

10. Drivers, police & TomTom
10
An explosive mixture

11. Location privacy is top of mind
With bloggers, press, regulators, enforcers, legislators
and many users alike
11
• TomTom investigated by
leading European Data
Protection Authority in 2011
• TomTom’s use of location
data is in accordance with
EU Data Protection Laws
• Processing and delivery to
third parties 100% OK
• Informing users needed to
be more explicit, including
opt-in

12. Community input – with permission
12
We profile roads, not people

13. 13
How to enact?
Nothing totally new, really
1. Principles - is what everyone should know
2. People - make the difference: good and bad
3. Policies - are like high level requirements
4. Projects - is where everything is put together
5. Processes - is what we use to stay predictable
6. Procedures - exist to avoid re-inventing wheels
7. Paperwork - document everything properly
also used
internally

14. TomTom & Privacy
14
Vision:
Community input (crowd
sourcing) is strategic
Privacy helps to realize business
objectives by ensuring trust
Privacy is integral part of
business continuity above and
beyond legal compliance
Principles:
1. Avoid unpleasant surprises:
• Customer insight is
paramount
• Be open and explain –
hesitation is an omen
• Keep it simple
2. The customer remains in
control of his personal data:
we have it “on a loan”
also used
internally

15. 15
Privacy Policies, Standards & Guidelines
7 key objectives
1. We asses our intended use of PD early to drive requirements
2. We document PD: purpose, legitimate
ground, retention, access, jurisdiction(s)
3. We ensure we have obtained or will obtain informed user consent
4. We minimize the amount of PD (volume and time) and who has
access: we de-personalize or destroy PD as soon as possible
5. We keep ensuring adequate security measures based on risk
assessment of confidentiality, integrity and availability
6. We do not expose PD to any third party, unless the third party
contractually agrees to comply to our policies (or law forces us)
7. We enable the user to exercise his rights (information,
access/download, correction, deletion) also used
internally

16. 16
The 6 privacy questions
1. What personal data are we processing?
2. Why are we processing personal data?
3. When can we destroy the personal data?
4. Who will have access and will be accountable?
5. Where will we process and store the personal data?
6. Will we have a legitimate basis for processing?
also used
internally

17. Privacy, amongst others, is about the
protection of personal data
Personal data:
• Contains (whatever) information
relating to a natural (“real”) person
• That person could be
identified, directly or indirectly
• Typically: data attached to unique
identifiers
Anonymous only:
• When no reasonable way exists to
identify (“single out”) a person
• Even when requiring correlation with
other data sources (e.g. maps and
phonebooks)
• By anyone with the right resources
17
also used
internally

18. 18
Typical personal data misconceptions
very often present in technology companies
• We do not identify the user while using the data, so we have no
issues with privacy law
• We only use the serial number of the users device, so the data
is anonymous and we have no issues with privacy law
• We encrypt the data, so we are no longer
using/receiving/sending personal data
• We use hashes to replace all serial numbers, so the data is now
anonymous and we have no issues with privacy law
• We anonimize the data, so we are not using personal data
• We can use the users’ data for anything we want, as long as we
keep the data to ourselves
• Look: big name companies are doing the same,
so we are OK also used
internally

19. 19
Can location data be anonymous?
Research indicates: hardly ever

20. Avoiding re-identification is key
TomTom has a strict code of conduct to adhere to privacy laws
• Historic trip archive only
to be used for road,
traffic and related
purposes
• No access to raw data
outside TomTom, ever
• TomTom performs
processing
• TomTom ensures re-
identification is
impossible e.g. through
sufficient aggregation
20
1 month
1 day

21. 21
Lessons learnt
• It is about trust and credibility, not about privacy or laws:
• “Anonymous”, “aggregated” is evasive terminology
• Data given in good faith, used against me
• Be prepared to explain and take action, even if that hurts
• Have your act together:
• Avoid squirrel behavior – data minimization is key
• Tell what you do with your users data and stick to it
• Be able to produce all relevant documentation very timely
• Co-operate with privacy regulators, don’t fight them

22. 22
Recommendations
• Incorporate data protection requirements from the start
• Take a multi-disciplinary approach: it is about your
“license to operate in the information society”
• Embed “privacy by design” into development processes
• Document your data: “what, why, when, who, where”
• Consider law enforcement/e-discovery implications
• Appoint a “privacy czar” in your organization