What happens to data?
The German government is responsible for the truck toll system, since it is a sovereign matter. As the operator of the toll system, Toll Collect GmbH is a subcontractor for the Federal Office for Goods Transport (BAG). In this statutorily defined role, Toll Collect implements the requirements of the Motorway Toll Act (ABMG) and the Truck Toll Regulation as well as the Federal Data Protection Act. As the client, BAG must define the requirements to be implemented and can issue instructions.
In this regard, a data protection and security policy was developed at the tender offer stage. Since then, this policy has been updated and made more specific as the system has been established. This data protection policy is continuously coordinated with BAG and the Federal Commissioner for Data Protection, which are the competent oversight authorities. This is the basis for implementing data protection law requirements in ongoing operations.
Permission to process data for the toll system is provided primarily by the ABMG and the Truck Toll Regulation. However, the provisions not only permit data processing, but at the same time prescribe strict earmarking for a specific purpose and short deletion deadlines for the operator. Toll Collect processes data for the purpose of operating the toll system only within the confines of this statutory permission. Only the data listed in § 4 (2), § 7 (2) and § 8 of the ABMG and in the Truck Toll Regulation is recorded. This data is processed by the operator, as an agent of the sovereign acting on behalf of the Federal Office for Goods Transport, strictly in accordance with data protection guidelines and exclusively for the statutorily prescribed purpose of toll collection.
How is data processed by the control bridges?
Vehicle information is recorded at the control bridges in accordance with the legislative guidelines. § 7 (2) of the ABMG permits photographing vehicles and recording their number plate for the purpose of monitoring compliance with the provisions of the Toll Act. Under § 9 (5) of the ABMG, this data is to be deleted immediately after the control process if the vehicle is not required to pay toll. Toll Collect processes photos of vehicles and number plate data only for the listed statutory purposes and in accordance with the provisions on deletion. The drivers cannot be recognized in the photos. Moreover, when vehicles are determined not to be required to pay toll, the photo is not evaluated with respect to the number plate, but is deleted within a fraction of a second.
Are travel profiles sold to others?
Only the registered user receives the information (in the bill) about what route the truck traveled at what time and what toll the user has to pay. It is not possible for third parties to create travel profiles because only BAG and Toll Collect GmbH have access to billing data. The bill lists only the starting time of each route billed for. No average speed can be determined on this basis for use by law enforcement authorities. The On-Board Unit does not record any information on the speed of the truck and its load.
Does Toll Collect have a data protection and security policy?
Toll Collect GmbH has developed a comprehensive and integrated data protection and security policy for the toll system. The technical measures conform to the current state of security technology and are continuously refined.
A need-for-protection analysis was conducted for all components in accordance with the Basic IT Protection Handbook published by the Federal Office for the Security of Information Technology (BSI), which took the risks to availability, integrity, and confidentiality into account. The data to be processed must be classified according to its sensitivity and the technical and organizational precautions required by the classification scheme must be taken.
Based on this security concept, security measures are taken for personal data to prevent such data from being used for unauthorised purposes or from becoming known to unauthorised persons.
Personal data is transmitted only in such messages and to such an extent as is necessary to fulfill statutory toll collection purposes or to perform tasks set forth in the contract with the user. The security concept takes into account that the communications (SMS or GPRS) are transmitted over public networks. To protect against unauthorised access by third parties, the messages sent from the OBU to Toll Collect headquarters are encoded using our own encryption process. In addition, the communications partner is authenticated. A closed (end-to-end) security chain is always formed with cryptographic functions to prevent the manipulation of data and any "listening in" on information.
It is not possible to access and read information in an OBU. Modified SIM cards designed solely for data communication are used. Speech communication is not possible. Only authorised service stations have the capability to work on terminals. Reading out data from an OBU requires an access code, which may not be given to third parties. If an attempt is made to manipulate an On-Board Unit or if it is stolen and re-installed, the control technology automatically recognises this.
A data protection and security organization with data protection and security coordinators in certain operating areas has been established. Need-for-protection analyses and measures are documented in a database and made available to the competent employees in the data protection and security organization.
The truck toll system is operated under high security standards with a security organisation that can react quickly to security incidents. The Data Protection and Data Security Divisions work together closely here.