Roberta B. Cowan reports:
TomTom said on Thursday an official probe had cleared it of accusations that it violated Dutch data protection laws by sharing its customers’ individual location and traffic information with third parties, including Dutch police.
The Dutch navigation equipment and map maker came under scrutiny in April after reportedly selling information gathered through its customers’ personal navigation devices (PND) in their cars, to third parties, without their consent.
The firm collects location-related data, including speed, route, and time of day travelled from drivers using TomTom PNDs to suggest alternative routes and avoid traffic jams, but it also sells some of the data to third parties and traffic authorities.
“The data we collect is anonymous and aggregated and we then sell it to governments, which gives them more up-to-date information about the road and allows them plan new roads and improve traffic flow,” said Simon Hania, TomTom’s head of privacy and information security.
“Today it was confirmed by the CBP (Dutch personal data protection agency) that we never have and we never will sell data from our individual users to anyone else, including governments and the police,” Hania added.
Read more from Reuters.
You may be a bit surprised by this as TomTom had apologized back in April and vowed to stop providing data to police that could be used to set speed traps. In light of today’s news story, it seems that TomTom was providing aggregated, non-individually identified, information to police (and others?). As a result of the investigation, they are restricting some use of their data going forward and will be more transparent with users about what data are collected and how it is used.
In retrospect, this is a good example of how public outcry over privacy can cost a business in reputation (and perhaps sales?), and why privacy by design and transparency are so very important.