Dutch DPA concerned for ‘function creep’ if cab journey information is stored in central database
If the Dutch government implements its plan to create a central database to store all cab journeys, it’ll pose a great privacy risk for travelers and endorse ‘function creep’.
The government wants to build a central database for all cab journeys to make it easier for the Human Environment and Transport Inspectorate (ILT) to see whether cab drivers comply with the law. Data on cab journeys are currently stored on the cabs’ on-board computers. In order to check the data, ILT inspectors must physically enter the taxi.
In the government’s proposal, GPS coordinates of customers’ entry and exiting points are sent to the supervisor, thus creating a database of all cab journeys in the Netherlands.
De Autoriteit Persoonsgegevens, the Dutch data protection authority (DPA), however says it’s a bad idea, because people’s sensitive information is potentially being exposed. Someone with access to that database could discover intimate details about private matters of passengers, for example when they visit a psychiatrist, therapist or the hospital.
“We understand that the government wants to make monitoring easier. But by storing coordinates about departures and arrival points of each cab ride so accurately in one database, you unnecessarily expose people taking a cab to privacy risks. Passengers deserve better protection,” Katja Mur, board member of the DPA, says in a statement.
Furthermore, she points out that a data breach is a real risk. “A mistake, a malicious employee or a hacker. We’ve seen this go wrong quite often, even at government agencies,” Mur says.
Lastly, if a database contains this kind of sensitive information, there’s always the risk of ‘function creep’, meaning that the data ends up being used for things it wasn’t originally intended for.
“Maybe the police want access. Or the tax authorities and municipalities might find it useful to check whether people are committing fraud with benefits or allowances. By linking that data to other data, the government can follow people closely. We shouldn't want that,” Mur warns.
The Dutch DPA wants the government to formulate a new version of the proposal. Among other things, it should say that the ILT can only collect GPS coordinates or location data when it’s truly necessary. Also, it should be made more difficult to trace location data to specific passengers.
Finally, the new proposal should specify when the supervisor has to delete collected data on cab journeys. If data is no longer needed, it should be destroyed to prevent data breaches.
Your email address will not be published. Required fields are marked