Data Privacy Model from Geotab - a “data processor” perspective

Notes to W3C Data TF re: Privacy/Consent wrt “data processor” for commercial fleets

There are three main actors in the privacy and consent model:

Data subject - typically the driver.
Data controller - person or company who collects personal data and uses the data for their own purposes (“determines the purpose and means of the processing of personal data”); typically the fleet, could also be the vehicle OEM.
Data processor - separate legal entity that processes personal data on behalf of the controller.

Geotab is a data processor: it is instructed to process data on behalf of the controller and is obliged to keep data secure.

Note: It is the responsibility of the data controller to obtain any required consent from the data subjects.

Geotab's current customer base consists of commercial fleets and leasing/rental companies. In the commercial fleet management space, the typical arrangement includes vehicle drivers who are employees of the commercial fleet company. Where required, employees would typically either sign an “employment agreement” that includes the employer’s right to process data, or receive a notification that personal data is being used for business purposes. There could also be a union agreement. In the car leasing and rental space, the necessary consent provisions are often contained in leasing or rental contracts.

Geotab has built instructions for personal data to be processed into its EUA; the EUA must be accepted by all users of the Geotab solution. Geotab also outlines specifics of data usage and general processing. All click acceptances are logged.

Geotab specifically states in its EUA that it does not make any claims as to ownership of customers’ individual vehicle data. While such a statement should not even be necessary (no one owns data), it has helped to alleviate customer concerns over exclusionary data ownership clauses that can sometimes be found in end user agreements.

To repeat: The fleet manager is responsible for obtaining consent from drivers (data subjects) to the extent required by applicable law or union agreement. The driver is typically a fleet employee or contractor. Often this is covered in the employment or service contract, in a union agreement, or via a separate privacy notice. It is the responsibility of the data controller (fleet), not the data processor (Geotab), to obtain this consent (if applicable). Data processors must follow the controller’s instructions and keep data secure.