Only technical data are collected, as shown exhaustively in the table below.
Because each number plate not only has technical, but also personal data of the vehicle owner linked to it, it is theoretically possible to retrieve personal data. To avoid this, and to comply with the GDPR, we take specific measures when cross-referencing the different datasets. The combination of location, time and vehicle data potentially makes specific identification possible, which would constitute processing of personal data, which is subject to the rules of the GDPR. We therefore work with different data tables that can be cross-referenced with different unique "identifiers", but never with all "identifiers", thereby ensuring anonymity:
- Dataset from the Remote Sensing campaign: the measurement results with and without location, time-stamp and vehicle identifier (VIN/number plate)
- DIV vehicle identifier (VIN/number plate)
- CarPass: usage data (kilometre reading in past years) and vehicle identifier (VIN/number plate)
Where necessary for analysis, we cross-reference the necessary data "double-blind", working with a unique token that anonymises the combination of location, time-stamp and vehicle identifier. The analyses are then only made with the data fields relevant to the analysis, meaning that the unique identifiers are unknown.
In other words, the initial data processing that Transport & Mobility Leuven does on behalf of Port of Antwerp-Bruges (and for which there is a processing agreement between TML and Port of Antwerp-Bruges) ensures that the processed data for the analysis, which is partly carried out by the subcontractor ICCT and partly by TML, is no longer privacy-sensitive.
Finally, to ensure that the data is completely anonymised (i.e. that there is no longer any possibility of "recovering" certain data because no one holds the key), the hash is not passed on with the processed data to the subcontractor ICCT.