Mobility as a Service and privacy

Blog title for Mobililty as a Service and Privacy featuring a pen picture of the author, Chris Cooper.

Portsmouth, 17th November 2022

Mobility as a Service (MaaS) and privacy

One of the biggest changes that we have all experienced over the last few years is the seamless integration of digital services into our everyday lives. Our music is always with us. Food is but a click away. Transport is no different, with multiple new services, from electric personal transport to ridesharing, fighting for our custom.

Service integration is key to the further development of transport technology. Mobility-as-a-Service (MaaS) platforms can help to bring together different modes of transport to a single point of entry application. This creates that seamless experience for the traveller - many services, one interface.

Personal data underpins the day-to-day operation and incremental improvement of mobility services. It is also available to a wide range of secondary uses such as urban planning and marketing.

However, such use of data creates legal and reputational risks. Many individuals are suspicious about how their personal data is used and hence reluctant to share. In some cases, individuals who have concerns about their personal data avoid connected transport systems altogether! It’s therefore important that whilst a MaaS platform complies with the law, it is also perceived by transport users as responsible and trustworthy data custodian.

To build trust, as well as meet regulatory requirements, you have two potential actions. First, you can give data subjects a choice over how their data is used through the use of affirmative consent Second, you can allow them to exercise their rights to restrict processing of their personal data through opt-out mechanisms.

Managing preferences, and respecting individuals’ choices about their personal data can be achieved through consent management. This allows you to collect, store, update and apply each person’s preferences throughout their relationship with the MaaS platform. A simple Web API allows other services and components to respond to preference changes in real-time.

Consentua is one such enterprise-grade consent management system. It features an SDK that can be embedded into apps, websites and other software systems to manage consent and data-sharing preferences. A flexible purpose-based approach, along with customisable user interface components, simplifies the creation of digital services that meet GDPR requirements and which build trust with users by treating their data in a respectful and trustworthy way.

Being identity-agnostic, Consentua can be easily incorporated into new or existing systems without requiring any specific type of identity management system. Using ‘tokens’, each user or account-holder has a single golden preference record within Consentua that records their preferences and which can be updated through easy-to-use dashboards or incorporated into the user journey.

This flexible approach allows new purposes to be deployed almost instantaneously, without requiring client applications to be rebuilt. Web-based management tools allow quick and easy updates. Less complexity, less developer time.

Consentua is standards-based and produces consent receipts that conform to the Kantara Initiative Consent Receipt specification, which allows integration with other compatible systems. Internally, Consentua stores a rich record of how and when preferences were changed, allowing easy audit and giving the ability to demonstrate to regulators how and when consent was sought.

Sometimes integrated, intelligent systems provide great value but lead to citizens becoming concerned at misuse of their personal data. By using Consentua, a MaaS platform can avoid a public conception of being ‘creepy’. Instead, it helps to build trust with users, and create robust legally-compliant data handling processes.

For more information email David Patterson - [email protected]

About Consentua:

Consentua is a standards-based personal data consent solution. It lets organisations orchestrate their data processing based on the consent that they have from data subjects. Consentua collects, stores and updates consent records so that business processes can be automatically started and stopped, and provides a rich audit trail of consent collection and use. Consentua is a KnowNow Information company and a proud member of MyData Global as well as a contributor to the Kantara consent receipt specification.

Consentua takes important step towards open personal data ecosystems with MyData

Logo for Consentua

Portsmouth, 1st May 2020

Consentua takes important step towards open personal data ecosystems with MyData

Today, we are celebrating Consentua’s involvement in MyData Global’s recently published paper, Understanding MyData Operators. It is a foundational step on a roadmap towards a human centric personal data infrastructure that involved 34 experts and was supported by 48 personal data operators in 15 countries. The MyData vision published in 2015, describes operators as actors in personal data ecosystems that provide infrastructure for human-centric personal data management and governance. Consentua is one such organisation and prides itself on its contribution to the creation of sustainable ecosystems where the use of data is transparent and controlled by individuals. As providers of infrastructure for personal data management, we recognise our responsibility in creating sustainable ecosystems for fair and ethical use of personal data.

The need for a human-centric data economy is evident: fighting and understanding the impact of COVID19 in a privacy-preserving way, and creating better public and private services are just some of the examples. The paper creates a common language, leading to a better understanding of the field and the roles different actors can take. From there, it defines minimum interoperability requirements and emphasises the need for governance.

Richard Gomer, product lead for Consentua said “The report shows how the MyData principles are being put into practice through real-life tools and products, including Consentua. We’ve been working with MyData for a number of years and are so pleased to have been able to contribute to this report.

The future of personal data is one in which individuals have choice and control over how their data is used.”

“We are really proud that MyData Global has facilitated this landmark paper”, says Teemu Ropponen, general manager of MyData Global. “Operator organisations worldwide have joined on a common journey towards interoperable infrastructure for using personal data across digital services. These operators commit to working in a way that not only puts the rights of the individual in the centre, but also sets them on a collective path to build ecosystems that work for people. The MyData operator philosophy is very much aligned with the recently published EU data strategy, which emphasises the rights of individuals in these developing infrastructures.”

From here on, we will continue to help the MyData Operators Thematic Group in keeping the operators network connected, contributing to thought leadership and working towards interoperability, both in technology, governance as well as human-centric business models.

To download the paper now and see updates in the future from this community visit: https://mydata.org/operators/

For more information email David Patterson - [email protected]

About Consentua:

Consentua is a standards-based personal data consent solution. It lets organisations orchestrate their data processing based on the consent that they have from data subjects. Consentua collects, stores and updates consent records so that business processes can be automatically started and stopped, and provides a rich audit trail of consent collection and use. Consentua is a KnowNow Information company and a proud member of MyData Global.

About MyData Global:

MyData Global is an award-winning international nonprofit. The purpose of MyData Global is to empower individuals by improving their right to self-determination regarding their personal data. MyData Global has nearly 90 organisation members and over 600 individual members across industries, and from over 50 countries, on six continents. The nonprofit facilitates the MyData community of several thousand personal data experts and enthusiasts.

MyData is described in the recently published EU data strategy as a promising initiative for empowering citizens through exercising their digital rights.

Ends