The privacy-first location platform
Data privacy is of fundamental importance to HERE and our customers.
That’s why it’s a cornerstone of our evolution and growth as a location platform. We’ve built the HERE Open Location Platform from the ground up to enable you and your business to be in control of your data at all times. We combine these controls with strong data security processes.
We practice data minimization and don’t collect data we don’t need. And we promote pseudonymity for data subjects wherever a service does not require personal information to function. We employ privacy by design in services we develop. We strive to go beyond mere regulatory compliance and make privacy an integral part of our corporate culture. We believe that our approach to privacy is vital to earning and retaining the trust of our customers – and the bedrock of our future success as a data-driven location platform
Our seven privacy principles
- Accountable, fair and lawful collection and processing
- Privacy by Design and Default
- Transparency, choice and individual participation
- Collection and purpose limitation
- Responsible data management
- No disclosure of personal data to law enforcement or other governmental agencies unless required by law
- Security safeguards against unauthorized access, use, modification or loss
We put you in control of your data
With the HERE Open Location Platform, you have exclusive control over your data and how it’s used
-
The OLP supports realm separation, and the HERE OLP Marketplace provides full control on data visibility and sharing. That means you determine to whom you expose your data and how it is consumed by others, including HERE itself
We build controls into HERE-developed services
- E.g. When tracking goods moving through your supply chain with HERE Tracking, only you are able to see and identify the items you’re tracking – unless you provide access to others. You can delete your data whenever you want. And if you don’t wish to maintain a historical record of tracked goods, you can enable automatic data deletion at, say, the end of each day.
We apply data minimization & pseudonymization
Everything within reason. We've taken a reductive approach to data collection, seeking to collect and maintain the minimum amount of data needed for a specified purpose
- Wide use of anonymous or pseudonymous data, and a focus on high quality data from trusted sources
- Extract, Transform and Load (ETL) data integration is available in OLP, enabling customers to bring in only the data they need
We apply a data minimization approach in HERE-developed services
- E.g. We've designed the HERE Safety Services Suite to work using only crowdsourced vehicle sensor data pre-processed and anonymized before it reaches us. This prevents a vehicle or its owner from being identified
- E.g. For our HERE Positioning service, we only collect information we need for positioning which doesn’t identify the end-user
A note on machine learning:
- A data minimization approach does not preclude the use of artificial intelligence or machine learning. On the contrary, ensuring data quality and integrity enhances, rather than impedes, our efforts to use such technologies
Most services we provide are oriented to provide services in location context without identifying the end-user. Where personal data may be involved, we strive to apply pseudonymization techniques to reduce the direct identifiability of data related to individuals
- We apply automated random re-assignment and rotation of ID numbers associated with vehicles/devices supplying traffic probe data
- Longer traces can be broken into shorter segments useful for identifying traffic conditions but making it much harder to use patterns to possibly identify individuals
- In street-side imagery collection for map making purposes, we apply blurring filters to vehicle registration numbers and faces in street-level imagery
- For our HERE On-Street Parking service, vehicles notify us when they park ; however, we apply geofences to exclude rural areas to reduce the possibility that a piece of data could be connected to an individual
We keep your data safe
There can be no data privacy without data security. We use strong and effective measures to protect your data against unauthorized access, use, modification or loss.
- We provide strong encryption methods to protect customer and consumer information, while preserving its utility in personalized services. This means OLP can handle personal data related use cases, such as UBI
- Strong encryption by default on all datasets at rest and in motion in OLP
- HERE maintains relevant certifications such as ISO 27001
- Our highly-secure over-the-air (OTA) technology protects updates for edge devices against attackers. It uses the Uptane security framework, the first compromise-resilient software update security system for the automotive industry designed jointly by security researchers from academia and auto OEMs/suppliers
We're developing privacy-enhancing technologies for the future
Location services customized to individuals’ needs hold enormous promise, but only when combined with user-friendly consent management. In this area, HERE has vital new technology under development.
- For people to enjoy uninterrupted access to new services in the autonomous world, a new approach to privacy is needed. We believe in equipping people and businesses with transparent consent and preference management tools to help them stay in better control of their location data
- We’re developing centralized consent/preference management technology
- We’re also investing in privacy-enhancing technologies in the areas of anonymization, differential privacy and federated machine learning