Data Retention & Privacy: Why it Matters and Why it’s Challenging

TrafxSAFE

Author: Paul G. St-Aubin, P.Eng, Ph.D.
Senior Product Manager

Overwhelmingly, one of the most common questions we receive is about privacy. Transportation authorities are rightfully concerned about privacy because it raises concerns with respect to law, liability, and public perception. For example, the issue of privacy and tracking came up just recently in a Q&A with Franz Loewenherz from the City of Bellevue. Generally speaking, the questions we receive regarding privacy fall into one of two categories:

  • Capturing Personally Identifiable Information (PII): This is the process (and concern) of capturing information that can uniquely identify a person or vehicle. This is usually the most visible part of the system and a primary concern for the public and for the overall perception of the system.
  • Data retention, transmission, and access: Privacy also has technical considerations that stem from legal requirements present in many different jurisdictions, along with balancing the burden of liability that transportation authorities bear. This can touch a rather wide array of activities, including what data is stored, where, and for how long, who has access to it, and how it is handled and transmitted electronically.

As a practitioner, I take privacy very seriously. This is how we address these familiar concerns at Transoft Solutions:

Personally Identifiable Information (PII)

In short, we do not capture PII at all, and never will for the purposes of road safety design. Simply put, identifying individuals is irrelevant to this endeavour. Road safety design is all about designing safer roads for everyone because we assume that public roads will be accessed by, and will serve, everyone. There are companies and products in the road safety enforcement market that can only work if PII is collected, but Transoft is not in that market. And that choice of market is reflected in the choice of technology.

 
The AI successfully recognizes that this is a passenger car, regardless of legibility of
the licence plate in the raw video data, and that’s all that is needed for road safety design.

The underlying AI that powers our technology is trained to classify road user types (e.g. the FHWA vehicle classification for motorized road users), not individuals. At a high level, the AI is looking for characteristics that distinguish members of one road user classification from another. Does it have four wheels? Is it box shaped? Does it have a flatbed? Is the road user’s silhouette vaguely person shaped? That, along with the continuous motion of each road user, is the extent of the information needed to perform a basic road safety diagnosis. The system will work all the same regardless of whether licence plates are legible, or whether people’s faces are distinguishable. We encourage our clients to record only as much video detail as they are comfortable with. If certain regions of the image contain too much detail (typically the lower portion of the image), this can be corrected with full or partial image blurring before we receive or process the video.

Transoft Solutions offers 6 levels of anonymization. These levels range from blurring
just the road users, all the way to showing just a trajectory line on a completely white background.
Here we show Level 3, where the whole video, including the road users and the entire scene is blurred.

Data retention, transmission, and access

This category is a potentially very complex topic, where the specific answers will vary greatly from one jurisdiction to another. Broadly speaking, most transportation authorities and privacy laws within the jurisdictions in which they operate are concerned with what data is retained, how and where it is handled during storage and transmission, and who has access to it.

For the most part, transportation authorities have the option of having all, some, or no video data (including conflict videos), stored on our machines or the machines providing our services for a specified period. The downside to more restrictive data retention policies is that it limits certain activities, including opportunities for before-after follow-up studies and conflict video review. For example, one of our clients wanted to repurpose the video that was collected for an earlier study conducted before the COVID-19 pandemic in order to see how traffic patterns had changed. Unfortunately, the video retention policy had expired by then and we were not able to proceed with a follow-up in hindsight.

Today, we have servers in Canada and within the European Union; however, the technology we are using allows us to quickly deploy servers in other countries should the need arise. This way we can ensure video data is processed locally, complying with local privacy rules.

All data collected is subject to confidentiality agreements between Transoft Solutions and the client, and access is granted on the principle of least privilege, which means users only have the access and privileges that are essential to perform their intended function. Our data processing and data retention policies make us compliant with GDPR. Should you want to read about this in more detail, please refer to Transoft Solutions Inc – Privacy Statement.

In case you still have concerns, please feel free to contact us directly to learn more about our data retention policies worldwide.
