Rental car companies, just like bus companies have for some time considered the use of Global Positioning Systems units in their vehicles for the dynamic tracking and monitoring of their mobile assets (e.g. campervan). Increasingly rental car companies are being fitted with GPS data log trackers for the purposes of monitoring driver behaviour and enforcing zone restrictions. While predominantly being used for safety-related purposes and the enforcement of fees and penalties, location data from rental cars also has potential in industries such as tourism, specifically in location-based advertising. On the surface, these technologies are part of a smarter fleet management solution supporting the rental car company’s back-end operations but in essence these solutions have the potential to erode driver and passenger privacy.
When one hires a rental car they have the expectation to pay for a service, but not to give away personal information of where they have been, when they were there, how long they stayed at each stop-over, and at what speeds they were traveling. GPS is renowned for a variety of errors, namely in terms of accuracy in speed, distance and time travel logs. No matter how sophisticated these devices are they cannot be trusted 100% of the time. And dependent on the device in question, tall buildings or mountains and valleys and even tunnels can render the device inactive, or even exacerbate margins of error in accuracy.
For example, a driver at a stationary position at traffic lights might decide to change lanes as the lights go green and depending on the interval and the number of GPS satellites that have a fix at that given time, one might register a speed of 100 km/p/h as opposed to just 10 km/p/h. Although systems have been built to overcome such outliers or anomalies, they are not foolproof in every case. And such travel data might have major implications if provided as circumstantial evidence in a court of law. This might bring a whole new interpretation to the adage, being in the wrong place at the wrong time. It did not take long for some states in the U.S. to begin using e-tollway data collected for one purpose to be applied for another, e.g. to provide circumstantial evidence proving where a suspect of a crime was at a given moment in time. In the same way, once GPS data loggers become mainstream devices in rental cars and campervans, this data will no doubt become accessible by authorities, whenever required.
This is not to say that all drivers may not appreciate the data that comes from a GPS when they want to know where they have been during their holiday. But it has to do with consent and whether or not the driver (and passengers) fully are aware of what it means for their location data to be retained. At this point there also needs to be explicit consent that the data gathered will be used for purpose X and Y, and that the data will not be onsold to other companies, such as telemarketing companies. The well known ACME case in the United States which demonstrated the potential for abuse of GPS technology without driver consent, saw a customer who rented out a vehicle charged $150 for a speeding offence of more than 80mph. The customer argued that he had not been adequately informed about the capabilities of the hard-wired location tracking system and won a court case on these grounds. This is an obvious invasion of one’s right to privacy.
There are also other secondary risks, like unauthorized access to one’s travel logs in near real-time. This means an individual could be tracked by someone who wishes to perform some harm against them. The data sent wirelessly via the vehicle from the GPS device could also be intercepted by hackers. At a more abstract level, rental car companies that have agreements with medium or large companies, might offer the data to corporations, so that employers might know whether or not an employee has acted appropriately in getting to their destination(s).
In the Australian landscape, a number of GPS data logger suppliers are now well-established in the market. To some extent these technologies attempt to gain a level of omnipresence but given systems can fail, while we have some level of “being there”, we cannot categorically prove that event A or B has taken place by system-level data. We can come close but we will never have omniscience. There are at least several companies who are investigating the use of their location technologies with rental vehicle companies. The position of the Australian Privacy Foundation is that rental car companies must be explicit about what data is being stored, where it is being stored, for how long it is being stored, how it will be used, and what the commensurate risks might be. Rental car companies must also be explicit about what penalties might ensue by data that is recorded by the GPS whether accurate or not.
GPS data loggers, are just some of the new emerging technologies that are now commonly being used by car rental companies. Another is “point-of-view” (POV) technologies. Together with GPS data loggers, POV black-box style recorders are heralding society into an age of uberveillance. Uberveillance lends itself greatly to information manipulation, misrepresentation and misinterpretation- there is nothing to say that “real-time data logs” cannot be tampered with once received by the rental car company.
Dr Katina Michael
Associate Professor in School of Information Systems and Technology, UOW
Unpublished work in my capacity as a Board Member of the Australian Privacy Foundation