We often hear about the protection of personal data and processing traffic and location details by telecom operators. But what does it all mean? Read on and our guide will show you the way.
A BRIEF INTRODUCTION
It's not only mobile operators that track and process this vital information. The thing is, rarely does the report or commentary we're reading describe what “traffic and location data” actually is, what it means, and what are the legal rules and universal laws associated with it. It appears that there are too many half-truths and myths about the processing of personal, traffic and location data. So let’s take a journey to explore this topic further.
PERSONAL DATA: A necessity for a viable contract
We all sign dozens of contracts with dozens of entities throughout the year. Sometimes, we don’t even notice it. Neither do we notice that various service providers must process personal data about us. Actually, we expect this. We expect that airlines will know who we are and what our destination is. We don’t want someone else to take our seat on the flight, after all. When looking for a flat to rent, we expect to know the identity of the one offering the flat, and vice versa. Similarly, we want to know from whom we buy a car, or to whom we sell a car. So really, we give and receive personal data about ourselves and others as a matter of common sense.
PERSONAL DATA: Set of data on a concrete person
Personal data is a set of information related to a specific person, either permanently or long-term. Since birth we all have a given name, surname, birth ID number, place of birth and resident address. The combination of the individual pieces of data distinguishes us from other people. Some of the personal data changes throughout our lives such as a woman’s maiden name, or for most of us, our place of residence.
Personal data is simply a detail or combination of details which can (even indirectly) identify us with a concrete human being. The mere fact that someone is “married” is not personal data. Whereas the combination of data such as “Krejcik (surname) who was born and married in Olomouc,” does help to identify a concrete person.
Identity verification is an important part of protecting your privacy and security. You wouldn’t want your neighbor walking into a bank and opening a loan in your name by using details he or she may have learned simply from daily life. Or, would you rent your flat to “John Smith” without requiring some form of official identification? Probably not.
How could you recognize this person from the rest of John Smiths? This is the role of a process called “identity check.” This process protects both parties. With this process in place, a bank or an operator can be certain who they are signing a contract with. To prevent violating other people’s rights, they (banks and operators) demand people provide clear identification.
Birth ID number is a piece of information that all operators are bound to process and check in a provable manner. It is used as a clear identifier. Would you accept – if you were in the shoes of an operator - if a client specified just a random combination of numbers? Of course not. You’d want proof.
We all have to prove our identity by showing an identity card. Don’t view the strict and consistent process of proving identification as a useless exercise. These processes are meant to protect you. Unfortunately, even under the most rigid restrictions, not all kinds of fraud can be prevented. Typically, when a problem occurs the victims of fraud expect that the institution would keep copies of their identity cards or some other evidence and information to properly investigate the incident.
STATISTICS (AGGREGATED DATA)
Almost all entities, be it businesses or non-businesses, develop various statistics for planning, reviewing or raising their efficiency. For example: The number of visitors to job centers tends to grow after summer vacation. The peak usually falls on Wednesdays. Transport companies know that the bus capacity during morning peaks is 87%, while at noon it drops to 36%. Shopping centers know that customers spend on average CZK 1,700 less on food in November than in December. Insurance companies know that the average age of their clients is 42 and that the majority of life insurance clients are women.
We all could present an indefinite number of such examples... Details like these, however, do not represent personal data. They represent information achieved by aggregation (i.e. by summarizing a large quantity of individual data) and the result is a general profile of a group of people. Although service providers or some other entities may see this information as valuable and relevant, from the perspective of personal data protection, that’s not the case. Having this amount of data, the organization will not learn anything about a concrete person. This information is valuable as a salesman’s resource or as a tool to improve a service in general, but not in relation to an individual person.
Statistical aggregated data is relevant in the broader context. For instance, a piece of information that rafting excursions to the Alps are bought mainly by young men aged 24 – 33 years old mostly in June over weekends, may encourage a travel agency to extend its opening hours on summer weekends, and focus its advertising campaign in magazines read by the target audience. It sounds logical, so one would expect something like this to happen. On the other hand, our recommendation to a travel bureau that they should place their ads in the “Gardener” magazine in winter would be seen as nonsense. In a nutshell, aggregated data cannot be associated with a specific person and the Personal Data Protection Act does not apply to this type of data.
BRIEF HISTORY OF TRAFFIC DATA
Traffic data is a term which has something to do with telecommunications. It means data generated during the operation of a specific communications service. It is a “child” born in the era of modern digital telecom networks. In the olden days, when people making a call were served by charming female operators at local branches, no traffic data was generated or logged. However, after handling a call, each operator would make a tick of each call in her log book and at the end of the month; she’d total all of the ticks just like a waiter in a pub tallies up your bill. As time passed by, so called counters (a kind of meter counting pulses for each phone number) were launched. Each month, reports were made based on the counts and an invoice was issued.
A major disadvantage of this process, strongly criticized by the users in those times, was the fact that nobody was able to trace back the destinations of all the calls made. Suffering various other weaknesses, analog networks were incapable of performing loads of functions we are accustomed to these days (...such as caller ID).
The onset of digital networks gave rise to a phenomenon of traffic data (e.g. the collection of detailed call logs) as well as the utilization of new services. This increased the comfort for both parties: The users could order a CDR (call detail record) as an attachment to their bills and it also helped solve some potential problems between the operator and the customer. The CDR showed in detail all services consumed, as well as the time and duration, so it could be used as proof to handle a complaint.
Without traffic data it would be impossible to issue a CDR for a customer. Without traffic it would be impossible to issue an aggregate bill (an aggregate bill is a form of bill which does not display individual calls or SMS; it only shows the totals related to each type of service).
At the beginning, we mentioned that traffic data had something to do with telecommunications. But detailed “traffic data” is also maintained by organizations such as banks (our history of payment transactions), a local library (the names and dates of borrowed books) a fitness center (the type of exercise ordered) or a garage (the purpose of bringing our beloved car to the garage, including mileage and car condition) and so on and so forth.
Location data is also a term that has something to do with telecommunications. Its importance grew with the arrival of mobile technologies. Using a fixed line, you always knew where the line was situated. Hence, the details showing the location of a fixed line were not created during the operation of the line. The details were inseparably attached to the line from the initial installation until the final de-installation.
Location data is created during the operation of a specific mobile service (a SIM card). A mobile device (or an inserted SIM card) must be connected to a network to become usable. A mobile network must be able to identify where the mobile device is situated at any given time. If it didn’t nobody would be able to reach anybody. Mobile devices would not connect to the internet and the exchange of data in both directions would not work.
A mobile network is comprised of a series of elements that provide signals to various areas and territories. These areas, covered by a transmitter (a base station), are sometimes referred to as “cells.” Location data reflect the position of a mobile device for a specific service in use at a specific time point (e.g. a call dated 12 March at 11:07 a.m., line no. 729 010 0112 was made from an area covered by the Heřmaničky base station).
Location data is needed not only for the provision of voice services or to access the internet, but also for the provision of value-added services such as road conditions delivered to your handset, or for offers from business partners (discounts and benefits) based on your current position. Using these services, you will discover the beauty of mobile technologies bringing more comfort into your life.
It can also be used to pinpoint your location and provide emergency aid in case you experience difficulties while travelling, hiking, etc.
At the beginning, we mentioned that location data had something to do with telecommunications. But other institutions such as banks (to identify the ATM from which you draw your cash), airlines (to know the time/place of your departure/arrival) or road toll gates (to check your car’s license number, time and position) also use very similar “location data.” Instead of finding it strange, we accept it as natural and inevitable.
Legal standards dealing with the processing of personal, traffic and location data are voluminous, very complex and often not easy to read. The goal of our small talk was to familiarize you with the world of personal data and telecommunications in an understandable form rather than to literarily translate the Act.
Using practical examples, we hope we’ve helped you understand this complex topic a bit better. One should remember that concrete numbers can only serve as illustration.
And who knows - maybe gardeners buy rafting excursions too. The business we understand is telecommunications. We are O2. We are here for you.