Data Protection Impact Assessment (DPIA)
What is Otiom?
Otiom is a system that provides a way to find people with dementia when they leave a designated area or stay out for longer than desired.
Preamble
In order to create a system where it is possible to locate a person if the person leaves a designated area, Otiom needs to collect locations of the person. These locations may come in the form of beacons with a matching location or from a GNSS system which can provide accurate locations outdoors. Otiom collects the MAC addresses of beacons and longitude/latitude elements of the GNSS systems in order to establish the location of the person and then determine if the person is within the designated area or outside the designated area.
GDPR & DPIA
GDPR requires a DPIA to be completed if there is a high likelihood that use of the system restricts a person's freedom or rights.
Otiom is used primarily with persons who suffer from dementia or Alzheimer's and secondarily with persons who suffer from cognitive impairment.
Used in this context, Otiom provides additional freedom for the person using the Otiom, as it allows them to move around more freely than would otherwise be possible. Otiom often replaces an otherwise locked door, thus restoring freedom previously lost.
However, location-aware technology should always be used with care, and even if not required, the DPIA may be useful to show that the impact of using the technology has been considered.
Data collection
Otiom collects the following data on the Otiom-user. An Otiom-user is the person carrying the Otiom-tag and does not refer to a user of the system, who may be care personnel or relatives.
For registering the Otiom-user in the system a name or alias is used. This is freely chosen by the caretakers and may be anything they deem useful for identifying the person.
- Alias (e.g. “Room-10”, “Hans” or similar)
For determining the location of the Otiom-user, Otiom collects MAC addresses from Otiom-compatible BLE beacons and latitude & longitude from the GNSS system in the Otiom-tag.
- MAC address of BLE beacons
- Latitude & longitude from GNSS system
Risks
To determine whether use of the system may restrict freedom or rights, we need to establish which freedoms or rights the system could affect and whether it really restricts them compared to the status quo.

| Action | Risk | Impact | Mitigation |
| --- | --- | --- | --- |
| Collect location data for person | Locations may end up with an undesired third party | Other people may be able to see where the Otiom-user is. | Otiom is used with persons who cannot move around safely on their own and live in open care facilities where their location is already known. Otiom uses encryption for all data exchanges and requires logins for everyone accessing the system, thus limiting access to persons who have been granted access beforehand. Otiom automatically cleans location data after 30 days as per the Otiom retention policy. |
| Sending alarms for breach of designated area | Otiom-user is located and brought back to the (care) home against their will. | Otiom-user may experience reduced freedom and less ability to move around freely. | Otiom is used with persons who cannot safely move around outside the designated area on their own, and the alternative is often the ‘locked door’ policy, which restricts the Otiom-user even further. Using Otiom provides more freedom than otherwise possible. |

While Otiom does, through the use of locations and alarms, limit the freedom of the person using the Otiom-tag, the alternative is even more restrictive when Otiom is used in the correct context.
When Otiom is used in the wrong context (e.g. with a fully cognitive person), the risk is still very small, as the person can simply take the Otiom-tag off if they feel it restricts their freedom. Otiom does not come with any predefined way of locking the Otiom-tag onto a person. Placing the Otiom-tag on a person in a way where the person is unable to remove the Otiom-tag is also not legal.
Summary
When Otiom is used in the context it was designed for, it provides additional freedom for the Otiom-user. With location-aware devices there is always the risk of misuse, which is already illegal and not the purpose of Otiom.