VMT programs can protect user privacy

Georgia DOT is considering implementing a vehicle miles traveled (VMT) program. VMT programs have the capacity to collect a lot of data about how and when people travel. It’s important for decisionmakers to consider privacy when designing  these programs. There are multiple ways to ensure VMT is privacy compliant.

VMT odometer readings 

One possible way to ensure VMT programs protect privacy is to use low-tech tools for mileage tracking. Instead of using an on-board unit or an app to track mileage, odometer information could instead be gathered at an annual inspection.

Strict data regulations

Any VMT program that opts for using on-board units, GPS trackers, apps or other data-gathering tools needs to institute strict data regulations. In particular, decisionmakers should implement a data minimization standard. This means:

• Limiting the amount of data collected from any sensors or apps to what is strictly necessary for administering the VMT program;
• Using collected data only for the specific purpose of administering the VMT program; and
• Deleting all data as soon as it is no longer necessary. 

This standard must apply to the state itself and to any third party entities the state may choose to involve in program administration. Third parties should not be able to sell, share or otherwise make available drivers’ data to any other entity. No third party should take advantage of its access to drivers’ data for any secondary commercial purposes. It’s important to make this explicit in the rules for a program. Lack of privacy regulation has led to the wide scale harvesting of people’s personal data with virtually no oversight. Periodic audits of how data is gathered, stored and used will also help ensure no one’s data is getting abused.