Data collected

None of data collected as defined under the section of SafeTRIP services Analysis is considered after review as being sensitive under the Data Protection Directive. Consequently, there should be no specific restrictions to collecting these data. However, such services can lead to additional information related to personal health, which has to be collected and stored with a high level of security and confidentiality along with pre-arranged explicit and informed prior consent of the data subject.

Purpose of data collection

The main purpose of the eCall service is to allow drivers or automatic sensors to call for assistance. An emergency call facility is needed from accidents to crowd control. The collecting of data for safety purposes should encounter few restrictions from national security authorities once security and confidentiality measures are taken.

End user analysis

In most cases, the end user is a physical person, even if some data collected through an emergency call can be used for other purposes and of a benefit to an end-user that is a company. An example of this is data collected during an accident of an HGV can be used both for helping the lorry driver and/or his passengers and informing breakdown services of the road operator.

Scenario testing

Scenario 1: SafeTRIP operator builds an exclusive relationship with its customers

In the case of no application provider, the SafeTRIP platform operator collects ID number of the OBU, data location and Service Activation and forwards them to road operator or passenger transport operator. The SafeTRIP platform operator processes only anonymous data, and road operator or passenger transport operator has the key to link this back to the vehicle.  In this case, it can be difficult for the road operator or passenger transport operator to conclude agreements with emergency services. This could mean that all data needs to be routed through the SafeTRIP platform, reducing the sharing of data amongst different actors.

If there is an application provider, the SafeTRIP platform operator could be the only collector and processor of personal data. Moreover, as there is no relationship between the road operator or passenger transport operator and the application providers, all data must flow through the SafeTRIP platform. An “operational” relationship could be concluded between the application provider – for example, one that guarantees help in English no matter what country the user is located - of eCall services and the end user. Once the anonymous data is received from SafeTRIP, the application provider would use the key to match the data and sends the correct information to the end-user.

Scenario 2: SafeTRIP operator shares his customers with application providers

Neither of these cases poses a problem from a data management perspective.

However, as indicated previously, with a physical person, we may run the risk of a “conflict of applications”, without any prioritization. This could increase the liability of the SafeTRIP platform operator and/or the application provider as they could potentially be challenged by the end user (considered as a consumer) for lack and/or bad emergency information.

Scenario 3: SafeTRIP operator does not have any contact with the end users

This scenario, where third-party eCall service providers are solely responsible for all services and application support, has been the most common approach to roadside assistance service provision by automobile manufacturers in the past. This approach has been vetted and approved by EU data protection supervisory authorities in the past and little alteration of the protocol associated with this scenario is needed. This is the recommended option for eCall service provision.

Figure 9: Example of eCall activation and data collection