Ensuring Privacy in C-ITS: GDPR Compliance in Surveillance Datasets
In the rapidly evolving landscape of cloud computing and edge technology, the DECICE Project emerges as a pioneering initiative to improve collaboration among HPC, cloud, edge, and devices. At its core, the project strives to construct a robust framework that not only facilitates seamless collaboration but also prioritizes security. Acknowledging the importance of safeguarding personal data, it is a necessity for applications operating on this platform to integrate privacy measures into their operations.
As one of the use cases in the DECICE project, BigTRI and Marmara University collaborate to exploit the capabilities of the DECICE framework focusing on C-ITS (Cooperative Intelligent Transportation Systems). This use case is tailored for increasing the safety of VRUs (vulnerable road users that are pedestrians, bicycles, motorcycles, etc.) on smart intersections; incorporating cloud and edge computing, and mounted cameras for 3D localization of the VRUs, and V2X communications for informing human-driven and autonomous vehicles about the risks of dangerous situations. For more information about the use case, please visit the previous article “Use Case 1: Enhancing Autonomous Driving with Device-Edge-Cloud Intelligent Collaboration Framework”).
While VRU Detection Applications in C-ITS provide security for VRUs and drivers, they can also cause privacy issues due to the use of camera frames that may contain images of people traveling in the area. People and other objects in the images obtained must be protected from access and use by unauthorized persons. It is essential to establish mechanisms to ensure data confidentiality during the data collection, transfer, processing, and storage stages.
Ensuring the privacy of personal data is also covered by the General Data Protection Regulation (GDPR), which is a regulation that includes statements for an individual’s right to protect and have control over their data [2]. Many cryptographic technologies are applied to ensure GDPR compliance in the landscape of technological developments [3][4][5]. ITS (Intelligent Transportation Systems) applications with surveillance cameras are among these developments.
Mitigating Privacy Risks in VRU Detection Application: Camera Frames Containing Personal Data
BigTRI and Marmara University incorporate data privacy and data integrity in the development of the use case application to ensure the video frame transmitted over the network is protected and doesn’t expose personal data. Hence, a selective encryption approach is employed to meet the privacy requirement while also considering the performance of the application.
The proposed system consists of a surveillance camera mounted at the intersection area, an edge device, and the cloud for training and storage. The captured frames are processed to extract object regions of interest (RoI) within the image, and an encryption model is applied to enable the encryption of individual RoIs to ensure confidentiality and data integrity. Following this process, the frames, now with encrypted personal data, are transmitted from edge devices to the cloud over the network. The encrypted frames are securely stored, ensuring that personal data remains protected throughout the storage lifecycle. The stored data is retrieved and decrypted on the cloud server to perform advanced model training with the incremental learning technique for enhancing various key performance metrics of the model.
In conclusion, the DECICE Project not only aims for seamless integration across the diverse landscape of hardware and software but also the security and privacy within the computing continuum. To complement the solutions for establishing these, it is also a requirement for the applications to incorporate security and privacy in their operations. To mitigate the issues of privacy and ensure GDPR compatibility, the VRU Detection Application employs a selective encryption approach, with a commitment to privacy and performance.
Authors: Fatmanur Özdemir (Marmara University), Berkay Yaman (BigTRI Bilisim A.S.)
Reference
[1] Badii, Claudio/ Bellini, Pierfrancesco/ Difino, Angelo/ Nesi, Paolo (2020), Smart City IoT Platform Respecting GDPR Privacy and Security Aspects, IEEE Access, vol. 8, pp. 23601-23623, doi: 10.1109/ACCESS.2020.2968741.
[2] European Parliament and the Council of the European Union Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679.
[3] Zhang, Xing/ Seo, Seung-Hyun/ Wang, Changda (2018), A Lightweight Encryption Method for Privacy Protection in Surveillance Videos, IEEE Access, vol. 6, pp. 18074-18087, doi: 10.1109/ACCESS.2018.2820724.
[4] Rastoceanu, Florin/ Hritcu, Daniel/ Grozea, Constantin/ Lazar, Marilena (2022), Securing Personal Data in a Video Identification System, 2022 14th International Conference on Communications (COMM), Bucharest, Romania, pp. 1-6, doi: 10.1109/COMM54429.2022.9817196.
[5] Truong, Nguyen Binh/ Sun, Kai/ Lee, Gyu Myoung/ Guo, Yike (2020), GDPR-Compliant Personal Data Management: A Blockchain-Based Solution, IEEE Transactions on Information Forensics and Security, vol. 15, pp. 1746-1761, doi: 10.1109/TIFS.2019.2948287.
Links
Related News Article: https://www.decice.eu/project-news/enhancing-autonomous-driving/
Marmara University: https://www.marmara.edu.tr/
Big TRI: https://www.bigtri.net/
Keywords
gdpr, intelligent-transportation-systems, c-its, edge, cloud, privacy, security, cooperative-intelligent-transportation-systems, vru, v2x
