Personal Data Protection Law and Privacy in Mobile Mapping: What You Need to Know

Technological advancements in mobile mapping have brought numerous benefits to public and corporate management, allowing for detailed and precise urban data collection. However, this convenience also introduces important challenges related to privacy and the security of personal data, especially in places like Europe and Brazil, following the implementation of the Personal Data Protection Law.

What Is the Personal Data Protection Law?

The term Personal Data Protection Law refers to a set of legal regulations designed to safeguard individuals’ privacy and personal information. Each place has its own version of this law, adapted to its social, cultural, and technological context.

In the European Union, the GDPR (General Data Protection Regulation) provides a unified legal framework across member states, also mandating the protection and anonymization of personal data collected in public spaces. 

In Brazil, the LGPD (Lei Geral de Proteção de Dados Pessoais) establishes strict rules for the collection, storage, and processing of personal data, requiring companies to anonymize sensitive information such as faces and license plates during mobile mapping.

In the United States, there is no single federal law like the LGPD or GDPR, but several state-level laws, such as the CCPA/CPRA in California, VCDPA in Virginia, and TDPSA in Texas, require companies to protect personal data, though they do not prescribe specific methods like blurring faces. 

Other Latin American countries, including Mexico, Argentina, Colombia, and Chile, have their own data protection laws inspired by the LGPD and GDPR, generally obligating companies to safeguard personal information, obtain consent, and apply anonymization or pseudonymization when handling sensitive data in activities such as mobile mapping.

Despite differences in structure and enforcement, all these laws share the same goal: to ensure that personal data is collected, processed, and stored responsibly, with respect for individuals’ privacy and informed consent.

How Does the Personal Data Protection Law Apply to Mobile Mapping?

In the context of mobile mapping which frequently uses georeferenced 360° street imagery, it is possible to incidentally capture personal information such as faces, vehicle license plates, or identifiable elements of private properties.

For the case of mobile mapping:

• The GDPR considers personal data to be any information that can directly or indirectly identify an individual, including faces, vehicle license plates, and precise location data.

• Mapping companies that collect images of public streets must anonymize personal data, usually by blurring faces and license plates, exactly as required by the Personal Data Protection Law in Brazil.

• In the European Union: Member countries may establish additional rules, for example, regarding data retention periods or specific uses of images, but the general provisions of the GDPR already impose strict data protection requirements.

  
  

To comply with the Personal Data Protection Law in this scenario, several practices should be followed:

1. Anonymization and Automatic Blurring

Technological tools can be used to ensure the anonymity of individuals captured in images. ARX Tecnologia, for example, uses its advanced Artificial Intelligence module, ARX A.I., which automatically detects and blurs faces, vehicle plates, and other sensitive identifiable elements, significantly reducing the risk of personal identification.

Without the use of this tool, to comply with the guidelines of the Personal Data Protection Law applied in Brazil, the randomization of these features would need to be performed manually, requiring a dedicated team, increasing execution time, additional costs, and the risk of human error.

Moreover, the Brazilian Personal Data Protection Law includes specific regulatory nuances that many systems developed outside Brazil are unable to fully meet, reinforcing the importance of national solutions such as ARX A.I.

2. Transparency and Consent

The Personal Data Protection Law requires that any collection of personal data be carried out with transparency. Although obtaining explicit consent may not be practical in large-scale urban mapping projects, it is essential to clearly inform the public about the purpose of the project and how the collected data will be used.

3. Data Security 

Collected data must be securely stored to prevent leaks or unauthorized access. It is recommended to adopt strict information security protocols, including encryption, access control, and periodic audits.

The Role of Companies and Municipalities

Companies and municipalities that utilize mobile mapping must ensure compliance with the Personal Data Protection Law from the project planning stage onward. This includes:

• Clearly defining which data will be collected and for what specific purpose;

  
  

• Implementing internal procedures to ensure privacy and data security;

  
  

• Training employees and teams involved in best practices for personal data protection;

Using advanced technological solutions such as ARX A.I. to ensure that data processing is performed securely and in full legal compliance.

Benefits of Compliance

In addition to meeting legal requirements, complying with the Personal Data Protection Law builds public trust and prevents significant legal and financial penalties. Companies and public institutions that demonstrate respect for privacy and data security gain credibility with both the public and the market.

Conclusion

Responsible adoption of mobile mapping, while adhering to the guidelines of the Personal Data Protection Law and using advanced technologies like ARX A.I. allows organizations to fully leverage the potential of this technology without compromising individual privacy.

By following best practices and ensuring the security of collected information, public administrators and companies can achieve sustainable and socially responsible projects that align with data protection laws.

If you want to learn how the ARX A.I. system can streamline ARX’s data organization and compliance process, contact our team and schedule a demonstration.