French DPA against tracking of passenger movements

By EDRi · October 8, 2003

The French Data Protection Authority, the CNIL, considers the current use
of chip-cards for public transport a serious danger for privacy. The cards
combine identity-data with travel data like point of entrance to the
subway, date and time, and even exact route in case the passenger switches
route halfway.

In its recommendation of 16 September, the CNIL says: “In fact, the
movements of persons using these cards can be reconstructed and thus they
are no longer anonymous. This limits the fundamental and constitutional
freedom of coming and going as well as the right to a private life, which
also is a constitutional value.”

The possibility of anonymous travelling should be maintained, according to
the French DPA, independent of any card system. Alternatively, all data
relating to itineraries should be anonymised, irrespective of central
storage or only on the card itself, except in case of fraud control.
However, even for the purpose of fraud control storage may never exceed a
period of 2 days.

Another suggested measure to protect privacy is to create an electronic
form with which passengers can object against the storage of their

In 2001, the Parisian public transport authority (Ratp) received a Big
Brother Award for the initiative to develop the track-and-trace
technology. The use of these chip-cards is not limited to Paris though, in
2002 the CNIL has also researched the storage period of databases with
passenger movements in Amiens, Lyon, Valenciennes, Marseille and Nice.

Earlier this summer in Finland a Big Brother Award was given to YTV, a
firm that controls public transport in the Helsinki region, for storing
individual passenger information including social security numbers.
Similarly, in the Netherlands the company Translink is nominated this year
for plans to introduce the same technology, putting a higher price on
anonymous travelling.

CNIL recommendation (16.09.2003)

Big Brother Awards