Collection and Storage of Personal Data: A Critical View on Current Practices in the Transportation Sector
This paper is based on a 2011 ENISA study that aimed at the analysis of two core principles that can be considered as key manifestations of privacy by design: on the one hand the principle of minimal disclosure (which is also known as the data minimisation principle), and on the other the duration of the storage of personal data (which is also known as conservation principle). It focuses on the data collected for two specific application areas: online ticket booking and purchasing, and the collection and exchange of so-called Passenger Name Record (PNR) data in the European air travel sector and it provides a summary of its findings in relation to the transportation sector across the EU Member States. The analysis shows that it is worrisome to observe that so many systems deployed in real life do not follow a privacy by design approach, and insufficiently consider the data minimisation and data conservation principles. There is a need for these principles to be strengthened in practice, through legislation and governance mechanisms that favour privacy by design, including a clear assessment of privacy impacts and the identification of more privacy conscious implementation alternatives, in order to ensure that the personal data of European citizens is proactively protected, instead of having to modify operational systems only after privacy problems come to light.
KeywordsPersonal Data Data Protection Transportation Sector Transportation Company Council Decision
Unable to display preview. Download preview PDF.