[For more information about this document, and about privacy issues in Intelligent Transportation Systems generally, click here.]

ITS America

Draft Final
Intelligent Transportation Systems
Fair Information and Privacy Principles

These fair information and privacy principles were prepared in recognition of the importance of protecting individual privacy in implementing Intelligent Transportation Systems. They have been adopted by ITS America in "draft final" form. The Privacy Task Group of the Legal Issues Committee will present these principles for review and comment to organizations and groups interested in privacy and ITS outside of ITS America during 1995. They will then be submitted for final adoption to the ITS America Legal Issues Committee, Coordinating Council, and Board of Directors.

The principles represent values and are designed to be flexible and durable to accommodate a broad scope of technological, social, and cultural change. ITS America may, however, need to revisit them periodically to assure their applicability and effectiveness.

These principles are advisory, intended to educate and guide transportation professionals, policy makers, and the public as they develop fair information and privacy guidelines for specific intelligent transportation projects. Initiators of ITS projects are urged to publish the fair information privacy principles that they intend to follow. Parties to ITS projects are urged to include enforcible [sic] provisions for safeguarding privacy in their contracts and agreements.

  1. INDIVIDUAL CENTERED. Intelligent Transportation Systems (ITS) must recognize and respect the individual's interests in privacy and information use.

    ITS systems create value for both individuals and society as a whole. Central to the ITS vision is the creation of ITS systems that will fulfill our national goals. The primary focus of information use is to improve travelers' safety and security, reduce travel times, enhance individuals' ability to deal with highway disruptions and improve air quality. Traveler information is collected from many sources, some from the infrastructure and some from vehicles, while other information may come from the transactions -- like electronic toll collection -- that involve interaction between the infrastructure and vehicle. That information may have value in both ITS and non-ITS applications. The individual's expectation of privacy must be respected. This requires disclosure and the opportunity for individuals to express choice.

  2. VISIBLE. Intelligent transportation information systems will be built in a manner "visible" to individuals.

    ITS may create data on individuals. Individuals should have a means of discovering how the data flows operate. "Visible" means to disclose to the public the type of data collected, how it is collected, what its uses are, and how it will be distributed. The concept of visibility is one of central concern to the public, and consequently this principle requires assigning responsibility for disclosure.

  3. COMPLY. Intelligent Transportation Systems will comply with state and federal laws governing privacy and information use.

  4. SECURE. Intelligent Transportation Systems will be secure.

    ITS data bases may contain information on where travelers go, the routes they use, and when they travel, and therefore must be secure. All ITS information systems will make use of data security technology and audit procedures appropriate to the sensitivity of the information.

  5. LAW ENFORCEMENT. Intelligent Transportation Systems will have an appropriate role in enhancing travelers' safety and security interests, but absent consent, government authority, or appropriate legal process, information identifying individuals will not be disclosed to law enforcement.

    ITS has the potential to make it possible for traffic management agencies to know where individuals travel, what routes they take, and travel duration. Therefore, ITS can increase the efficiency of traffic law enforcement by providing aggregate information necessary to target resources. States may legislate conditions under which ITS information will be made available. Absent government authority, however, ITS systems should not be used as a surveillance means for enforcing traffic laws. Although individuals are concerned about public safety, persons who voluntarily participate in ITS programs or purchase ITS products have a reasonable expectation that they will not be "ambushed" by information they are providing.

  6. RELEVANT. Intelligent Transportation Systems will only collect personal information that is relevant for ITS purposes.

    ITS, respectful of the individual's interest in privacy, will only collect information that contain [sic] individual identifiers which are [sic] needed for the ITS service functions. Furthermore, ITS information systems will include protocols that call for the purging of individual identifier information that is no longer needed to meet ITS needs.

  7. SECONDARY USE. Intelligent Transportation Systems information coupled with appropriate individual privacy protection may be used for non-ITS applications.

    American consumers want information used to create economic choice and value, but also want their interest in privacy preserved. ITS information is predictive of the types of goods and services that interest consumers, for example the right location for stores, hospitals, and other facilities. However, that same information might also be used to disadvantage and harm a consumer. Therefore, the following practices should be followed.

  8. FOIA. Federal and State Freedom of Information Act (FOIA) obligations require disclosure of information from government maintained databases. Database arrangements should balance the individual's interest in privacy and the public's right to know.

    In determining whether to disclose ITS information, governments should, where possible, balance the individual's right to privacy against the preservation of the basic purpose of the Freedom of Information laws to open agency action to the light of public scrutiny. ITS travelers should be presumed to have reasonable expectations of privacy for personal identifying information. Pursuant to the individual's interest in privacy, the public/private frameworks of organizations collecting data should be structured to resolve problems of access created by FOIA.

Go back to the top of the page

Phil Agre <pagre@ucsd.edu>