Will a RUC System Infringe Upon My Privacy?

Insight

Many drivers refuse to surrender their driving data to anyone, especially the government. They don’t believe a pay-per-mile system can possibly protect their data. Is this skepticism rooted in truth?

Data privacy has remained a central issue for mileage-based user fees since the concept’s infancy. Despite the fact that today we knowingly share droves of personal data through our online habits and in-app activities and paying the federal income tax, the idea of someone possibly keeping a record of our driving history somehow feels a little too “Big Brother” to some. And it’s a major hurdle that can delay or even terminate the implementation of RUC in communities with spirited skeptics.

So how do RUC systems deal with privacy, and what can be done to preserve and protect drivers’ sensitive information? Here are the 3 things to keep in mind when faced with hesitation:

Drivers have mileage reporting options that cannot identify an individual vehicle’s location.

A traditional RUC system utilizes both location-aware reporting options and non-location-aware mileage reporting options. These include smartphone apps, vehicle plug-in devices with GPS, plug-in devices without GPS, and odometer readings. Drivers with privacy concerns should choose one of the last two of these options, as they do not involve sharing drivers’ personal location information nor rely on capturing driving habits like speed or accident history.
Third-party vendors are legally obligated to destroy drivers’ data.

Passage of a law to protect the privacy and security of any personal information and data captured within a RUC program. Legal protections prohibit the transfer or sale of personal information without the vehicle owner’s written consent and impose penalties for violators and establishment of personal rights for per-mile fee payers. The law would require third-party vendors to destroy data shortly after processing payment, which should help to ease tensions.

Additional privacy measures can be taken to further enhance drivers’ privacy.

Data encryption, data masking and regular data purging are just a few supplemental actions that can protect drivers’ data even further. Several states that have enacted protocols that require that all mileage data collected must be destroyed within 30 days after the data is no longer needed. Additionally, some per-mile fee programs destroy data on mileage recording devices once an account manager reports confirmation of receipt of that data.

For states just starting to explore RUC, privacy protections should be managed from the get-go. Make it clear that participant demographic information would only be used for research purposes, and only if the data is anonymized, to help policymakers better understand how a road charge might affect groups in distinct ways. Emphasize that participants must provide explicit consent to the use of location-based information in the pilot program and inform them of their right to review all personal information and data collected and stored as part of the pilot. Lastly, make sure that data protection principles (like strong password authentication and IT network security best practices) are clear and enforced.

It’s important to emphasize that privacy protection measures can—and should—be taken to ensure drivers’ piece of mind throughout all stages of the RUC implementation process. For help thinking through any of these elements, reach out to CDM Smith’s road usage charging experts.

Related Capabilities

Rural and long-distance drivers often object to the per-mile fee for fear that a distance-based fee will unfairly burden them relative to urban drivers. Is this geographic inequity real or imagined?

Find Out More

Advocates for EVs have expressed concern, claiming RUC hampers adoption and sends the wrong message to drivers who’ve prioritized environmental stewardship. How can policy makers justify a shift that disincentivizes EV driving?