Oster card V paper card
I] Privacy and Oyster card: a big no no?
30 years ago, George Orwell was already greatly concerned with privacy. Nowadays, with the perpetual development of new technologies this problem is still current. Thereby, a few years ago a polemic began with the implementation of the Oyster card by Transport for London, but what does privacy mean? Should we really consider the Oyster card as a threat to our privacy?
A] Privacy
As the boundaries and content of what is considered private differs between cultures and individuals, giving a definition of privacy is not easy.
However, as personal as the definition of privacy is, there are basics, which are common. For example, The European Union states that what shall be considered as private, is “the information that relates to an identified or identifiable individual”.
Considering that “everyone has the right to respect for his private and family life, his home and his correspondence”, article 8 of the European convention of human rights, the European Parliament requires all members to ensure that citizens have a right to privacy with respect to the processing of personal data. In the United Kingdom, it is regulated by the data protection act 1998 whose purpose is to protect the rights and privacy of individuals and to ensure that data about them is processed only with their knowledge and consent.
For this, the act gives individual rights regarding personal information held about them and places certain obligations (in the form of 8 principles) on those who process the personal information.
However since 2003, when the Oyster card was introduced it appears that some of this obligation may have been disregarded by Transport for London.
B] Oyster card and privacy
By introducing the Oyster card TFL officially, wanted to speed up passage entering the tube and boarding on buses. Unofficially, they also wanted to cut losses due to the misuse of paper tickets and reduce the number of ticket offices.
In exchange, TFL developed an attractive fare policy.
In 2003, the controversy was mainly because oyster card holders had to register and that information relative to their journey was stored for an “indefinite time”.
This polemic grew when the UK Information Commissioner, Richard Thomas expressed his concern regarding the length of time that Transport for London will hold information on passengers and how this could be used to track the movements of individual.
Indeed, each oyster card has a unique identification number linked to personal information about the registered owner, recording the routes and time of journey each time the card is used.
Following this controversy, the TFL spokesperson made clear how long the information would be held, for 8 weeks and the use of this information: “It is used for customer service purposes, to answer queries about charges for particular journeys or to respond to request for refunds” and that, only a limited number of people have access to this information.
This clarification satisfied the Commissioner who has since never raised any concern.
However, even if the oyster card complies with the Data protection act, and cannot thereby be considered as unlawful, one fact remains: TFL logged every bus, tube and train journey for up to two months.
II]Is the Data Protection Act still current?
Knowing that our every move can be monitored by Transport for London, for up to two months, it is quite disturbing. even more so if we consider that TFL received more than 3,100 requests from the police for passenger journey data between January and October last year.
Additionally, in 2008 news reports indicated that the security services were seeking access to all Oyster card data for the purposes of counter-terrorism. Even if such access is currently not provided to the security services, it is quite frightening to imagine that due to a “crisis”, such as a terrorist threat, such things might become possible.
Does the solution lie in the use of less technology or does the Data Protection Act need to be re-thought?
A] Does the paper card the solution?
The main argument for holding information regarding card holders sounds quite accurate and in the best interest of the passengers. However, does customer service , (answering queries about charges for particular journeys or responding to request for refunds) justify holding the details of every journey for up to 8 weeks? I do not think so.
Therefore, the only solution for the passenger who just wants to preserve “some” privacy would be the use of the paper card which is not linked to any personal information about the owner. Thereby TFL would be unable to store information of your journey via this medium.
However, considering the fare policy, the small number of gates allowing the use of the paper card, such a solution does not sound very practical.
Should we consider that in the name of privacy people should have to pay more or to spend more time on transport? I do not think so.
B] Conclusion
I am quite impressed that the commissioner could consider as justification the storage of such information for up to 8 weeks.
However, if we try to go beyond this polemic, the paper card on its own is not a solution. Indeed, for being an efficient tool for protecting privacy, the paper card should be paid per cash, and not by card (as your bank can track all your payments) and without being monitored by any CCTV.
It is quite ambitious, considering that in London there is more than 10 000 crime-fighting CCTV.
There is an argument saying that only criminals need to fear systems that monitor location. Fair enough, but does that mean that we want to have a perfect stranger knowing everything about our every move?
I truly believe that the Data protection act should be reconsidered and that a new condition should be added to justifying the storage of personal data. Indeed, it would be interesting to add to the “adequate, relevant and no excessive” principle the obligation for the company or the state to justify mathematically how accurate and necessary this data is.
Such conditions would help to ensure that data is processed for limited purposes; that they are accurate and not excessive and that they are kept for no longer than necessary.
Under such conditions, it would be interesting to see if the storage of every journey by TFL or even if CCTV would still be allowed.
30 years ago, George Orwell was already greatly concerned with privacy. Nowadays, with the perpetual development of new technologies this problem is still current. Thereby, a few years ago a polemic began with the implementation of the Oyster card by Transport for London, but what does privacy mean? Should we really consider the Oyster card as a threat to our privacy?
A] Privacy
As the boundaries and content of what is considered private differs between cultures and individuals, giving a definition of privacy is not easy.
However, as personal as the definition of privacy is, there are basics, which are common. For example, The European Union states that what shall be considered as private, is “the information that relates to an identified or identifiable individual”.
Considering that “everyone has the right to respect for his private and family life, his home and his correspondence”, article 8 of the European convention of human rights, the European Parliament requires all members to ensure that citizens have a right to privacy with respect to the processing of personal data. In the United Kingdom, it is regulated by the data protection act 1998 whose purpose is to protect the rights and privacy of individuals and to ensure that data about them is processed only with their knowledge and consent.
For this, the act gives individual rights regarding personal information held about them and places certain obligations (in the form of 8 principles) on those who process the personal information.
However since 2003, when the Oyster card was introduced it appears that some of this obligation may have been disregarded by Transport for London.
B] Oyster card and privacy
By introducing the Oyster card TFL officially, wanted to speed up passage entering the tube and boarding on buses. Unofficially, they also wanted to cut losses due to the misuse of paper tickets and reduce the number of ticket offices.
In exchange, TFL developed an attractive fare policy.
In 2003, the controversy was mainly because oyster card holders had to register and that information relative to their journey was stored for an “indefinite time”.
This polemic grew when the UK Information Commissioner, Richard Thomas expressed his concern regarding the length of time that Transport for London will hold information on passengers and how this could be used to track the movements of individual.
Indeed, each oyster card has a unique identification number linked to personal information about the registered owner, recording the routes and time of journey each time the card is used.
Following this controversy, the TFL spokesperson made clear how long the information would be held, for 8 weeks and the use of this information: “It is used for customer service purposes, to answer queries about charges for particular journeys or to respond to request for refunds” and that, only a limited number of people have access to this information.
This clarification satisfied the Commissioner who has since never raised any concern.
However, even if the oyster card complies with the Data protection act, and cannot thereby be considered as unlawful, one fact remains: TFL logged every bus, tube and train journey for up to two months.
II]Is the Data Protection Act still current?
Knowing that our every move can be monitored by Transport for London, for up to two months, it is quite disturbing. even more so if we consider that TFL received more than 3,100 requests from the police for passenger journey data between January and October last year.
Additionally, in 2008 news reports indicated that the security services were seeking access to all Oyster card data for the purposes of counter-terrorism. Even if such access is currently not provided to the security services, it is quite frightening to imagine that due to a “crisis”, such as a terrorist threat, such things might become possible.
Does the solution lie in the use of less technology or does the Data Protection Act need to be re-thought?
A] Does the paper card the solution?
The main argument for holding information regarding card holders sounds quite accurate and in the best interest of the passengers. However, does customer service , (answering queries about charges for particular journeys or responding to request for refunds) justify holding the details of every journey for up to 8 weeks? I do not think so.
Therefore, the only solution for the passenger who just wants to preserve “some” privacy would be the use of the paper card which is not linked to any personal information about the owner. Thereby TFL would be unable to store information of your journey via this medium.
However, considering the fare policy, the small number of gates allowing the use of the paper card, such a solution does not sound very practical.
Should we consider that in the name of privacy people should have to pay more or to spend more time on transport? I do not think so.
B] Conclusion
I am quite impressed that the commissioner could consider as justification the storage of such information for up to 8 weeks.
However, if we try to go beyond this polemic, the paper card on its own is not a solution. Indeed, for being an efficient tool for protecting privacy, the paper card should be paid per cash, and not by card (as your bank can track all your payments) and without being monitored by any CCTV.
It is quite ambitious, considering that in London there is more than 10 000 crime-fighting CCTV.
There is an argument saying that only criminals need to fear systems that monitor location. Fair enough, but does that mean that we want to have a perfect stranger knowing everything about our every move?
I truly believe that the Data protection act should be reconsidered and that a new condition should be added to justifying the storage of personal data. Indeed, it would be interesting to add to the “adequate, relevant and no excessive” principle the obligation for the company or the state to justify mathematically how accurate and necessary this data is.
Such conditions would help to ensure that data is processed for limited purposes; that they are accurate and not excessive and that they are kept for no longer than necessary.
Under such conditions, it would be interesting to see if the storage of every journey by TFL or even if CCTV would still be allowed.