Mobility as a Service and privacy
17 Nov 2022Portsmouth, 17th November 2022
Mobility as a Service (MaaS) and privacy
One of the biggest changes that we have all experienced over the last few years is the seamless integration of digital services into our everyday lives. Our music is always with us. Food is but a click away. Transport is no different, with multiple new services, from electric personal transport to ridesharing, fighting for our custom.
Service integration is key to the further development of transport technology. Mobility-as-a-Service (MaaS) platforms can help to bring together different modes of transport to a single point of entry application. This creates that seamless experience for the traveller - many services, one interface.
Personal data underpins the day-to-day operation and incremental improvement of mobility services. It is also available to a wide range of secondary uses such as urban planning and marketing.
However, such use of data creates legal and reputational risks. Many individuals are suspicious about how their personal data is used and hence reluctant to share. In some cases, individuals who have concerns about their personal data avoid connected transport systems altogether! It’s therefore important that whilst a MaaS platform complies with the law, it is also perceived by transport users as responsible and trustworthy data custodian.
To build trust, as well as meet regulatory requirements, you have two potential actions. First, you can give data subjects a choice over how their data is used through the use of affirmative consent Second, you can allow them to exercise their rights to restrict processing of their personal data through opt-out mechanisms.
Consent Management
Managing preferences, and respecting individuals’ choices about their personal data can be achieved through consent management. This allows you to collect, store, update and apply each person’s preferences throughout their relationship with the MaaS platform. A simple Web API allows other services and components to respond to preference changes in real-time.
Consentua is one such enterprise-grade consent management system. It features an SDK that can be embedded into apps, websites and other software systems to manage consent and data-sharing preferences. A flexible purpose-based approach, along with customisable user interface components, simplifies the creation of digital services that meet GDPR requirements and which build trust with users by treating their data in a respectful and trustworthy way.
Being identity-agnostic, Consentua can be easily incorporated into new or existing systems without requiring any specific type of identity management system. Using ‘tokens’, each user or account-holder has a single golden preference record within Consentua that records their preferences and which can be updated through easy-to-use dashboards or incorporated into the user journey.
This flexible approach allows new purposes to be deployed almost instantaneously, without requiring client applications to be rebuilt. Web-based management tools allow quick and easy updates. Less complexity, less developer time.
Consentua is standards-based and produces consent receipts that conform to the Kantara Initiative Consent Receipt specification, which allows integration with other compatible systems. Internally, Consentua stores a rich record of how and when preferences were changed, allowing easy audit and giving the ability to demonstrate to regulators how and when consent was sought.
Sometimes integrated, intelligent systems provide great value but lead to citizens becoming concerned at misuse of their personal data. By using Consentua, a MaaS platform can avoid a public conception of being ‘creepy’. Instead, it helps to build trust with users, and create robust legally-compliant data handling processes.
For more information email David Patterson - [email protected]
About Consentua:
Consentua is a standards-based personal data consent solution. It lets organisations orchestrate their data processing based on the consent that they have from data subjects. Consentua collects, stores and updates consent records so that business processes can be automatically started and stopped, and provides a rich audit trail of consent collection and use. Consentua is a KnowNow Information company and a proud member of MyData Global as well as a contributor to the Kantara consent receipt specification.