Discover how telematics revolutionises fleet management while navigating the complexities of data collection and privacy under South Africa’s regulatory landscape.
There is power in numbers, and telematics is all about collecting those numbers and using them to make decisions, empower your fleet managers, better your drivers, and cut preventable costs. But with all those numbers comes a cost – and a risk: a fleet collects massive amounts of data. Data is now something that is quite closely regulated and far more closely managed today than it was at the internet’s inception.
Since the European Union launched its General Data Protection Regulation (GDPR) in 2018, businesses have been forced to be more respectful of both customer and employee data. South Africa then launched the Protection of Personal Information Act (POPIA) in 2020 which similarly enforced legislation about how data is used, stored, deleted, and processed. Let’s unpack this in more detail.
What are the privacy concerns around telematics data?
In telematics, generally, the consensus is that the benefits of the data outweigh the risks.
Telematics data isn’t as personalised as email addresses and phone numbers, but it is data, and South Africans are particular about their data. Our concern about the misuse of personal data (42%) is higher than the worldwide average (32.3%), according to WeAreSocial’s 2023 study.
Added to this, misusing data seriously damages customer trust in a brand. According to an article on the Think With Google blog, privacy experiences impact user trust. The author was, however, surprised to learn just how damaging a bad privacy experience online can be. Consumers view bad privacy experiences as almost as damaging as a theft of their data. It’s enough to make 43% of them switch to another brand.
Increasingly, insurance companies are using telematics data to track their users, and there is a long history of fleet drivers and fleet vehicles, particularly in high risk industries, being extensively tracked. As Arrive Alive explains, “Insurance is all about measuring and calculating risk. Insurance companies evaluate the level of risk and then set premium rates and coverage per the measurement in question. Vehicle telematics is the best, most effective and scientific way to limit risk.”
With that in mind, Koogan Naicker, the Senior Manager of Quality Assurance at Netstar, says, “South Africans are generally cautious with regards to their data and a small percentage also believe that the information may be used in a negative manner. However, the benefit of telematics is generally being embraced, and the safety aspect that it provides in a crime-ridden society is seen as providing peace of mind.”
What are the driver’s rights?
The constitution gives everyone the right to privacy, explains Lebogang George, a senior attorney and the Head of Corporate and Commercial. “Everyone has the right to protection of their personal space, their dignity and their information,” she says. A 2003 paper defines privacy as: “…the ability of individuals to decide when, what, and how information about them is disclosed to others.”
Drivers are in an unusual position in this regard in that they don’t directly determine what data is shared. In contrast to transactions that typically involve direct user interaction with institutions like banks, shops, or online websites, the private data utilised in automotive telematics transactions is actually generated independently of any user interaction with the service provider. It’s an interesting distinction, as it operates somewhat behind the scenes without necessitating direct involvement.
Any data being collected needs consent around storage, sharing, or any other purpose. Equally important is the implementation of robust safeguards to prevent any potential security breaches.
George clarifies that the business’s core responsibilities undoubtedly encompass securing consent, which most often takes place in the employment contract. She explains, “When entering into a contract, there are instances where consent is implied. It’s a bit like an unspoken agreement because, in order to fulfil your obligations under the contract, certain actions are necessary. For instance, if a contract explicitly states that, as an employee and driver, you will be monitored or certain data will be collected, your agreement is inherent in accepting the job. While you technically have the option to refuse, declining might result in not getting the job in the first place. When you agree, it signifies your consent. However, it’s crucial that any invasion of privacy through tracking should be strictly limited to business-related purposes and not extend beyond that.”
The employer cannot begin tracking an employee’s personal phone calls or extend tracking to their personal vehicle. The tracking is exclusively meant for monitoring company assets. Anything beyond the scope of company assets would constitute an invasion of privacy. As long as it remains within company assets, and considering the employee has consented by signing an employment contract, the employer has the authority. However, once they cross that line and attempt to track your personal phone calls, your private laptop, or even your personal vehicle, even if it’s used for work, but you’re not provided with a company phone, laptop or vehicle, that would indeed be an invasion of privacy.
Breaching personal information has a significant impact on a business’s reputation. George explains that when such breaches occur, word of mouth spreads, and people lose trust, questioning the company’s commitment to privacy and security.
What data is collected?
Naicker explains this in more detail. “Drivers can expect telematics to provide enhanced information back to the owner that provides insights into vehicle driver behaviour. This can be used to encourage better driving behaviour, and possibly reduce insurance premiums.”
He explains further that telematics also plays a crucial role in accident detection and reconstruction, which can significantly assist in streamlining accident claims processes.
For fleet management, telematics offers multifaceted advantages. It enables the reduction of fuel consumption, evaluation of risky driver behaviour, optimisation of routes, and the provision of alerts for high-risk zone driving, among other benefits. Additionally, telematics is instrumental in stolen vehicle recovery, enhancing security and asset protection.
In a fleet context, the type of data collected would typically be used to assess and improve driver behaviour, safety, and overall efficiency, such as data associated with:
- Access control
- Pre-operation checklist
- Metrics
- Impacts
- Fault codes
For insurers, data around driver habits may be used to improve their risk assessment. Like, do they stick to speed limits or have a habit of racing through town?
It’s also crucial to know where the driver usually goes. Do they mainly stick to the main roads, or do they venture into riskier areas frequently? And, of course, the distances they drive and the times they’re on the road are significant factors too.
What the law says about data collection
George summarises it as “consent”. It’s essential to ensure that you collect data for the specific purpose you initially stated. If the purpose shifts beyond that, like if it’s for tracking or any other use, you’ll need to explain the additional purpose to the person and obtain their consent for it. This transparency not only maintains trust but also aligns with data privacy regulations that require organisations to be clear about how they use personal information.
By seeking informed consent when the purpose changes, you empower individuals to make informed choices about their data, which is fundamental to respecting their privacy rights.
In the telematics industry where data reigns supreme, South Africa faces a dual challenge of unlocking the immense potential of data-driven fleet management while safeguarding individual privacy. This balancing act hinges on informed consent, often embedded within employment contracts, and clear communication with data subjects.