Personal Information Privacy
What is and isn’t personal information has changed drastically in the last decade. Personal information that needed to be kept private used to simply be kept under lock and key. More recently, digital locks and keys were enough to keep information private. Now with nearly constant access to the internet, the amount of information being collected about people has exploded. What was previously innocuous piecemeal data about a person’s location is now sensitive. Vast amounts of readily available data and greater computing power mean that we have had to rethink and codify what constitutes personal information and what can be done to keep it private, secure, and safe.
People are aware of this drastic change, and their concerns are valid. Personal information is sensitive and valuable and people are right to be apprehensive about who and what has access to their information and what they do with it. People want privacy and they want control. As such, in the past few years, laws, acts, and regulations regarding personal information have been implemented to fit with people’s wants and concerns. Vizzion is cognizant of these new laws and the general public’s feelings on this issue. At Vizzion, each and every employee cares about their own personal information and Vizzion wants to treat the personal information it comes into contact with in the same way its employees believe any other business or government should. Though Vizzion doesn’t directly come into contact with members of the public and their information, Vizzion has extended its efforts to ensure that it keeps personal information private and secure.
A breadcrumb trail of a short journey plotted on a map
A General Approach to Personal Information
What constitutes personal information? The definition varies widely from person to person and culture to culture, so rather than address spurious notions regarding what is and what isn’t personal information, Vizzion refers to two recent legal acts when ensuring that it does not collect and/or infringe on persons’ rights regarding their information: the General Data Protection Regulation and California Consumer Privacy Act. Two terms are at times erroneously used interchangeably: “personal information” and “personally identifiable information”. Personally identifiable information is a subset of personal information and is what these laws and regulations are concerned with. Personal information, to both the General Data Protection Regulation and the California Consumer Privacy Act, is free to use, sell, etc. as long as it isn’t personally identifiable information. Personal information includes: name, birth date, employer, location, health records, visage, SIN/SSN etc. Personally identifiable information is that personal information that can be used to identify a specific person, such as name and birth date, SIN/SSN, or passport number. To keep everything clear, the term personally identifiable information is used through the rest of this article.
General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a regulation that applies to residents and businesses in and of the EU. It came into effect in 2018, making it one of the first pieces of law to directly address personally identifiable information in broad scope. The GDPR aims to provide the control that people want over their own data and the processing of that data. Though not limited to just data in its digital form, a large portion of it is concerned specifically with personally identifiable information that is collected via internet connected devices. Many companies that do not conduct business within the EU make sure to be GDPR compliant, even when it is not legally required. GDPR was established in this issue’s infancy and has set a precedent for the world at large to follow.
GDPR defines personally identifiable information as any information that can identify, directly or indirectly, a natural person. An example of information that can directly identify a person is a unique identification number specifically linked to a person, such as a passport number. Some information cannot on its own identify a person but can be used with other information to indirectly identify them. This can range from something as simple as a full name coupled with birth date to information that requires more work, along with motive, to expose, such as evaluating continuous location data over an extended period of time linked with a unique device like a smart phone. Vizzion ensures it does not collect personally identifiable information as GDPR defines it.
California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) is an act that applies to residents and businesses in and of the state of California. As it came into effect on January 1st, 2020, the CCPA is new and still finding its footing but has a strong predecessor in GDPR and has already made significant impacts. Similar to GDPR, its aim is to enhance privacy rights and provide those under its jurisdiction with more control over their personally identifiable information. The CCPA is also similar to GDPR in that its ramifications reach further than the state it was enacted in; other American states are looking to it as a model for possibly adopting a similar act themselves, and it will set precedent for a possible federal act. Being enacted in the state of California, the CCPA has affected internationally significant companies: Google/Alphabet, Facebook, Apple, Wells Fargo, Intel, Disney, and more.
Now, let’s see how CCPA’s definition of personally identifiable information compares with GDPR:
As with GDPR, information has to identify a person to be personally identifiable information. Only a few things can directly identify a person: Social Security Number, Passport Number. Outside of directly identifying information, disparate information must be combined to indirectly identify a person; location data can identify a person by being linked with a unique identifier, but on its own location data cannot identify a person.
As with GDPR, Vizzion ensures it does not collect personally identifiable information as CCPA defines it.
Multiple traffic cameras on a pole and an on-vehicle camera
Vizzion’s Approach to Keeping Personally Identifiable Information Private
Though the data that Vizzion sources does not come directly from consumers or the public, it still puts forth its best efforts into being a good shepherd of information. Vizzion requires certain data to provide its services to customers. The base data that Vizzion requires is: the camera image and camera location, either provided by the data source or determined by a Vizzion employee, and speed and bearing if the camera is on a vehicle. Other data that Vizzion may gather, or generate if not available, includes: a unique camera name, a unique camera ID number, streaming video, the direction the camera points, the direction of travel of the lane the camera is closest to, and the refresh rate of the camera. Of these, the possibly sensitive information is the location of the camera and the image produced by the camera.
Vizzion provides access to imagery from two different classes of cameras to its customers and these different classes of cameras demand unique measures to ensure that no personally identifiable information is made available. The first are traffic cameras that are set up at the side of roads—almost always at a high vantage point. These cameras are installed by government agencies (e.g. Departments of Transport) and, in the minority, private companies (often in private-public partnerships). Vizzion calls these “roadside cameras.” The second are cameras mounted in or on vehicles to show a view of the road ahead of the vehicle. These are commonly known as dash cameras. Vizzion calls these “on-vehicle cameras.”
While on-vehicle cameras are commonly known as a consumer product, Vizzion has focused its efforts towards on-vehicle cameras that have been professionally installed on commercial vehicles, typically large freight vehicles which cover many more miles of roadway than a private individual going about their daily routine. Cameras on commercial vehicles generally give a higher vantage point of the roadway, akin to roadside cameras. Other advantages of these on-vehicle cameras are consistency in placement and calibration of the cameras and the robust physical mount itself; these cameras are at low risk of slipping out of place due to daily changes in temperature, for example. What follows is a breakdown of the information that Vizzion gets from cameras and how it keeps secure that information which is personally identifiable.
Camera Location
Roadside cameras have physical single point locations. These locations are represented in Vizzion’s services as simple decimal latitude/longitude coordinates. Roadside cameras are not connected, by location, to or with any person or personally identifiable information. On-vehicle cameras, by their very nature, do not have single fixed locations; these are mobile cameras and vary as a vehicle’s route varies.
Camera Imagery
As stated before, roadside cameras are mounted at the tops of poles or other tall structures such as bridges and buildings to give a good vantage point to understand traffic situations. At this height, faces and license plates are indeterminable. Some roadside cameras are able to pan, tilt, and zoom. These are called Pan-Tilt-Zoom or PTZ cameras. PTZ cameras are controlled by agency employees to focus the camera on incidents, situations, and other things of interest to the agency. Even at high zoom levels, plates and faces cannot be discerned.
An image from a zoomed in PTZ camera. License plates and faces are indeterminable even at this high zoom level
The majority of roadside cameras are neither high resolution nor PTZ, further ensuring that any personally identifiable information cannot be discerned. These cameras, as installed by government agencies, are focused on public areas for providing necessary traffic, weather, and incident information to the general public and the agencies themselves rather than identifying or tracking individuals.
Images from 3 separate roadside cameras. From left to right: an impassable road in Houston during Hurricane Sandy, diverted traffic in Ohio, 2 lanes blocked in Florida
For many businesses, the problem of personally identifiable information in on-vehicle camera imagery is a solved problem. They take the image, identify all the sensitive, personally identifiable information and then obscure, obfuscate, or remove those parts of the image. This usually shows up in the final image as facial and license plate blurring and/or blacked out areas of the image. Though effective, this method is time and resource intensive. Even when automated through the use of algorithms to identify and remove or obscure information in the images, development time and resources have to be taken into consideration as well as the time required to do the task itself. Even more time and work are required considering that, due to algorithm imperfections, the human element isn’t entirely removed. Vizzion requires real-time or near real-time imagery for its purposes, so even with unlimited resources, the common algorithm-based solution to the problem of personally identifiable information in on-vehicle camera imagery cannot be applied to Vizzion’s unique requirements. Nonetheless, Vizzion ensures that none of the imagery it receives and passes on to its customers contains personally identifiable information. It’s best to illustrate this with on-vehicle camera images themselves. The following images were taken from an on-vehicle camera imagery provider’s typical fleet camera; the unmodified images are reproduced here with the permission of the driver.
License plate 5 feet from camera
Even at this close range, it’s impossible to read a license plate in this image.
Face 30 feet from camera
Face 15 feet from camera
Face 5 feet from camera
Only in the image of a person 5 feet from the camera is there anything resembling personally identifiable information. Furthermore, these images were taken specifically to be ideal for capturing personally identifiable information. These images are at the maximum image resolution provided to Vizzion by its on-vehicle camera sources. In addition, Vizzion requires vehicles to be driving faster than 10 kilometers per hour to provide an image from a camera, ensuring people are never within 5 feet of the camera. These images were taken from a stopped vehicle. The implementation of a manual process to get these images was required as Vizzion's system could not have produced these images on its own.
A consistent aspect of the imagery from on-vehicle cameras is what can be seen of the vehicle itself. To address this, camera images from Vizzion’s providers are limited to display a determined “Area of Interest”. The Area of Interest is limited to the region of the image that can provide traffic, weather, and road condition information. Below is one of the same images previously shown and to its right how it looks with the Area of Interest applied.
Another way that Vizzion ensures personally identifiable information is not present in on-vehicle imagery is by restricting image capture to vehicles that have been reviewed by our team of content engineers. Any vehicles that return non-useful or potentially sensitive information are excluded from the live feed. Vehicles must be reviewed multiple times before they can initially be added to the feed and regularly thereafter to ensure the camera has not tilted and its images still show an unobstructed view of the roadway.
Fail: Camera view is tilted
Pass
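The three controls described above for on-vehicle imagery (the 10 km/h speed gate, the Area of Interest crop, and the reviewed-vehicle requirement) can be combined into one fail-closed release check. The following is an added illustration, not Vizzion's code; the names `Frame`, `VehicleRecord` and `release`, the 30-day review window, and the sample data are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

MIN_SPEED_KMH = 10.0                  # threshold stated in the article
REVIEW_MAX_AGE = timedelta(days=30)   # assumed re-review interval, not from the article

@dataclass
class VehicleRecord:
    last_review: date
    passed: bool          # outcome of the most recent manual review
    aoi: tuple            # (top, left, bottom, right); bottom/right exclusive

@dataclass
class Frame:
    vehicle_id: str
    speed_kmh: float
    pixels: list          # rows of pixel values

def release(frame, registry, today):
    """Return (cropped_pixels, None) if the frame may be published, else (None, reason)."""
    rec = registry.get(frame.vehicle_id)
    if rec is None or not rec.passed:
        return None, "vehicle not approved"
    if today - rec.last_review > REVIEW_MAX_AGE:
        return None, "review stale"
    # Written as "not >" so that a NaN speed reading fails closed.
    if not frame.speed_kmh > MIN_SPEED_KMH:
        return None, "below speed threshold"
    top, left, bottom, right = rec.aoi
    height = len(frame.pixels)
    width = len(frame.pixels[0]) if height else 0
    if not (0 <= top < bottom <= height and 0 <= left < right <= width):
        return None, "aoi outside frame"
    # Only the Area of Interest leaves this function; the rest is never returned.
    return [row[left:right] for row in frame.pixels[top:bottom]], None

# Constructed sample data: a 4x6 "image" and three hypothetical vehicles.
TODAY = date(2024, 6, 1)
PIXELS = [[r * 10 + c for c in range(6)] for r in range(4)]
REGISTRY = {
    "truck-A": VehicleRecord(date(2024, 5, 20), True, (0, 1, 2, 5)),
    "truck-B": VehicleRecord(date(2024, 1, 5), True, (0, 0, 2, 2)),    # review too old
    "truck-C": VehicleRecord(date(2024, 5, 30), False, (0, 0, 2, 2)),  # failed review
}

if __name__ == "__main__":
    for vid, speed in [("truck-A", 62.0), ("truck-A", 0.0), ("truck-B", 50.0), ("truck-C", 50.0)]:
        print(vid, speed, release(Frame(vid, speed, PIXELS), REGISTRY, TODAY))
```

Every rejection path returns no pixels at all, so a frame that fails any one control is dropped rather than published uncropped.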
Vizzion’s Commitment to Keeping Personally Identifiable Information Private
Vizzion openly shares its unique and novel methods for keeping personally identifiable information private and secure not only to inform the public but also in the hope that these strategies can be of use to other companies within, and outside, Vizzion’s business and technical spheres. These strategies were developed organically from Vizzion’s core values as well as its efforts to be best in class in all regards. Vizzion’s values were not determined superficially—they were not pulled from the headlines—but are the amalgamation of the values of the people that make up Vizzion.
About Vizzion
Vizzion is the leading provider of road imagery for traffic, weather, road condition, and safety operations and applications. Through partnerships with over 200 different transport agencies and on-vehicle camera providers, Vizzion offers live feeds from over 100,000 cameras in 40 countries across North America, Europe, Asia, Australasia, and key markets in South America and Africa. Both on-vehicle and roadside traffic camera services are available through Vizzion’s flexible API and turnkey Video Wall application. Vizzion’s content is trusted by major apps, map providers, broadcasters, fleets, and automotive organizations. Contact [email protected] for more information.