As regards personal data protection, the architecture of the technologies through which the projects are implemented is based in particular on the following legal documents:
- s. 88 of Act no. 127/2005 Coll., on Electronic Communications, the aim of which is to ensure security of personal, traffic and location data and confidentiality of communications; and
- Act no. 101/2000 Coll., on Protection of Personal Data.
The technologies are based in particular on traffic data (s. 90 of Act no. 127/2005 Coll.) and location data (s. 91 of Act no. 127/2005 Coll.). The method of meeting the obligations of s. 88 of the Act in relation to the products is based on subsection 2 of s. 90 of Act no. 127/2005 Coll., which reads: “The undertaking providing a public communications network or publicly available electronic communications service who processes and stores traffic data, including the appropriate location data relating to the user or subscriber, shall erase such data, or render them anonymous, once they are no longer needed for message transmission, except as provided in subsections 3 to 6”.
The exceptions stipulated in subsections 3 to 6 concern the following cases:
- Subsections 3) and 4): disputes concerning billing or the provision of services;
- Subsection 5): network abuse, meaning consistent late payment of the billed price or execution of malicious and harassing calls;
- Subsection 6): marketing of the electronic communications services or the provision of value-added services, provided the user or the subscriber whom the data concern gave prior consent.
For the purpose of processing the mobility data in time and space, anonymisation is performed, i.e. the traffic and location data are rendered anonymous once they are no longer needed to transmit the message. The anonymisation is performed in accordance with the requirements of Act no. 101/2000 Coll., i.e. so that the processed data can no longer be regarded as personal data according to s. 4(a) of Act 101/2000 Coll., where “personal data means any information relating to an identified or identifiable data subject. A data subject shall be considered identified or identifiable if it is possible to identify the data subject directly or indirectly in particular on the basis of a number, code or one or more factors specific to his/her physical, physiological, psychical, economic, cultural or social identity.”
In practice, a secure algorithm replaces the unique user ID from the network signalling with another unique ID that is not linked to any subscriber data recorded by the mobile network operators. To guard against possible subsequent indirect identification, aggregations similar to those applied by the Czech Statistical Office are then applied during the processing. Generalising the estimates to the core population changes the character of the data, thus inhibiting possible monitoring of a particular person.
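The two steps described above (ID replacement, then aggregation) can be sketched as follows. This is an added example, not code from the projects described here. The page does not name the algorithm or the aggregation rules, so HMAC-SHA256 with a random per-batch key that is never stored, the minimum group size of 3, and the record layout are all assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

MIN_COUNT = 3  # assumed suppression threshold; the page does not state one


def pseudonymise(records, key):
    """Replace each subscriber ID with a keyed HMAC-SHA256 token.

    Without the key, a token cannot be recomputed from a known ID, so it
    cannot be joined back to the operator's subscriber records.
    """
    out = []
    for subscriber_id, cell, hour in records:
        token = hmac.new(key, subscriber_id.encode(), hashlib.sha256).hexdigest()
        out.append((token, cell, hour))
    return out


def aggregate(rows, min_count=MIN_COUNT):
    """Count distinct tokens per (cell, hour) and drop small groups,
    which could otherwise single out an individual indirectly."""
    groups = defaultdict(set)
    for token, cell, hour in rows:
        groups[(cell, hour)].add(token)
    return {k: len(v) for k, v in groups.items() if len(v) >= min_count}


def process(records):
    """Pseudonymise under a fresh key that is discarded, then aggregate."""
    key = secrets.token_bytes(32)  # assumption: one key per batch, never stored
    return aggregate(pseudonymise(records, key))


# Constructed sample signalling records: (subscriber ID, cell, hour)
SAMPLE = [
    ("230010000000001", "cell-A", 8),
    ("230010000000002", "cell-A", 8),
    ("230010000000003", "cell-A", 8),
    ("230010000000001", "cell-A", 8),  # repeated event, same subscriber
    ("230010000000004", "cell-B", 8),  # lone subscriber, will be suppressed
]

if __name__ == "__main__":
    print(process(SAMPLE))
```

Only the aggregated counts leave `process`; the tokens and the key exist only inside it.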