In recent years, the functionality of the smartphone has increased manifold. From a device that was used to call another person, this device has become the easiest way to check the weather, best public transit route, read the newspaper, pay and update others about your latest achievements. In parallel with the increasing smartphone capabilities and battery capacity, also the number and sophistication of smartphone applications is skyrocketing.
At the moment, a number of smartphone applications make use of the GPS tracker inside your phone to track your position in order to provide you with the latest information regarding activities you are currently undertaking. Examples of these types of smartphone applications are navigation applications, weather forecasting applications and friend finders. Also GPS trackers of security personnel and research institutes track the position of individuals.
Depending on the application or tracker, this information can also be used by third-parties for, for instance, crowd management purposes. Also the CityFlows CM-DSS can analyze this type of information. Given that GPS data is privacy-sensitive, the CityFlows CM-DSS has a stringent protocol with respect to the analysis of GPS traces.
First and foremost, the CityFlows CM-DSS only accepts GPS traces from providers/applications that have explicitly asked permission to their users to distribute the data (anonymously) to third parties, such as the CityFlows CM-DSS. Secondly, the original identification information is hashed, cut and re-hashed before it is stored in the database of the CityFlows CM-DSS**. Moreover, GPS traces of individual smartphones are only used in the analysis, but never visualized in a way that a GPS track can be traced back to a specific individual. In general, only aggregations of the data will be depicted, for instance, the number of pedestrians on a square or the average walking speed of the crowd**. Thirdly, the GPS traces will not be stored in the secure databases of the CityFlows CM-DSS for longer than minimally required to perform all necessary analyses. After analyses all raw GPS traces including their hashed identification information are deleted. Only anonymized GPS data is stored for the longer term. The exact process used to further anonymize the GPS depends on the context under which the GPS data was captured.
** The only exception to this rule is when the GPS traces are used to track willing participants for research (participants of research studies) or security (e.g. medical or security staff at events) purposes. In those cases, individuals are identified by a functional handle (e.g. MEDIC #1) instead of personal details, such as name, age, etc.. Furthermore, only their last known position and walking speed can be visualized at any given time.