May 23, 2019

TfL data tracking plans highlight importance of privacy regulation

By Lucy Ingham

A plan by Transport for London (TfL) to collect data from the network’s Wi-Fi users about their movements across the city’s transport system has underscored the importance of mass data tracking regulation, according to a cybersecurity expert.

Announced yesterday, the project will see depersonalised data collected from users’ Wi-Fi connections on the network from 8 July. TfL has said that individual customers will not be identified from the data collected.

It is hoped that the TfL data tracking plans will enable improvements to the network, including providing insights into areas with overcrowding that users can then avoid.

“The benefits this new depersonalised dataset could unlock across our network—from providing customers with better alerts about overcrowding to helping station staff have a better understanding of the network in near-real time — are enormous ,” said TfL chief data officer Lauren Sager Weinstein.

Privacy regulation importance underscored by TfL data tracking plans

TfL is working with the Information Commissioner’s Office to ensure it complies with data protection laws, including GDPR, during the project. However, this does indicate how important these types of laws are in ensuring that such projects protect the privacy of users.

“It is important that these mass-collections of data are monitored and regulated. There is nothing inherently risky in collecting information that will help improve the logistics of operations, but customers should be informed that a certain type of data will be recorded and asked whether they wish to opt out,” said Paul Norris, senior systems engineer, EMEA, at Tripwire.

“This will likely happen through an additional disclaimer to which users will have to agree before they can connect to the public Wi-Fi.”

As more options for connections become available, there are going to be a growing number of opportunities for projects like the TfL data tracking plans – and while current regulations are helping to protect users, Norris argues that companies will need to ensure they place consumer protection at the core of any future efforts.

“How the information is stored and who can access it is also something that needs addressing: as our ability to monitor one’s every step increases, it is essential that individual privacy remains at the forefront of any organisation’s priorities,” he said.

“To edge on safety and safeguard their privacy, users should consider using a VPN anytime they access a public network.”

Read more: Simulating the city: Transport modelling technology maps the future of urban travel