The value of data has proven its importance in our increasingly digital world.
While the construction industry hasn't been digitalized as quickly as others, momentum is being gained. Using data, like the information provided by off-highway telematics systems, can increase efficiency and provide other benefits.
However, as noted by Tom Valbak Aardestrup, vice president of business development and strategic programs at AEM member company Trackunit, during AEM’s most recent Product Safety & Compliance Seminar, data must be collected and used with the utmost responsibility, particularly when it comes to personal data.
“There’s an enormous amount of data that is being collected and created, and the world is just connecting even more,” Valbak Aardestrup said. “There are new, cheap open source systems and sensors available that collect data, make it available and it yields amazing insights that we can use to become more efficient. We can work smarter. We can be better in the way we plan, design, conduct our business [and] monitor and learn from the operations of our projects.”
EMBRACING THE USE OF DATA
The ways that companies utilize data are crucial for success, and Valbak Aardestrup warns those who do not embrace the use of data may find their businesses obsolete.
“The world is changing by connecting digitally, but it definitely also brings in some challenging situations,” Valbak Aardestrup said.
According to Valbak Aardestrup, it is predicted that by 2025, we will have 175 zettabytes (ZB) of data being generated by systems supported by the Internet of Things (IoT). Of that vast amount of data, it is estimated that 90% of it will be less than 2 years old. In order to gain insights from that much data, machine learning and artificial intelligence will be required, putting greater emphasis on cybersecurity.
“It also needs to, of course, be something that can be utilized in a format that is sharable and standardized,” Valbak Aardestrup said. “And then again, of course, it needs to be in a safe and secure environment.”
As a result companies doing business in the European Union (EU), like Denmark-based Trackunit, must comply with the EU’s General Data Protection Regulation (GDPR).
“When talking about GDPR and all these other items, there is no question that the shared access to standardized data is a precondition for us to harvest the data. That, of course, needs to be regulated when that becomes the case,” Valbak Aardestrup said.
The GDPR was created for the protection of individual people living in Europe. It applies to all enterprises and governmental bodies, so OEMs selling or offering products within the EU must comply with the regulation.
“It ensures that companies only gather information that they need. It’s definitely a trust issue, and the aim is for me, as an individual person in the European Union, to control who has access to see and use my data,” Valbak Aardestrup explained.
The GDPR also provides an individual with the power to have personal data removed, and it ensures data is not exported out of the EU without the individual knowing.
What’s more, the GDPR ensures companies using data have a legitimate interest to do so.
DATA COMPLIANCE
Valbak Aardestrup notes the importance of understanding the GDPR, as the construction industry in Europe has had to navigate this “blanketed regulation” designed to protect consumers. The regulation created a number of challenges, especially within the construction industry. For example, heavy equipment rentals are a primary segment for tracking, which makes it vital to comply with GDPR as data must be kept secure to remain compliant.
The digitalization of the construction industry provides increased efficiency, better documentation, automation of job sites, improved maintenance practices, less downtime and safer working environments. Understanding what is considered personal data and how it can be used properly is critical.
Examples of personal data within the construction industry can include CCTV monitoring of premises and job sites, databases of email addresses, the GPS location of equipment when an operator is logged in, weight sensors on a driver’s seat and more. Further, any bio-metric information – like fingerprints – is considered sensitive information and regarded higher with additional protections.
While compliance is required, there are proper ways to utilize personal data, provided a company has a legitimate interest for using the data.
“It has to be fair and transparent,” Valbak Aardestrup said.
For example, if someone wanted to find out how a machine is being operated, only the data coming through for that specific time can be used to solve that challenge.
“You have to ensure consent is actively submitted,” Valbak Aardestrup added, noting this can be included contractually in an employment letter.
To avoid challenges, Valbak Aardestrup recommended that data handling becomes an integrated part of a company’s culture so that data is secure and used within the confines of the GDPR. Protecting an individual’s data must begin when a company is starting to design and develop new solutions that will be introduced to the market.
“It’s challenging if you have one regulation that is meant for a consumer, or meant for one specific industry, is then blanketed across a lot of other industries. That will create some complexities,” Valbak Aardestrup said.
“There’s also an ever-growing challenge of security. Now C-levels across the globe are seeing that, actually, data security and cybersecurity is one of their top concerns,” Valbak Aardestrup added.
Few updates to the GDPR’s text have been made. However, Valbak Aardestrup noted that self-certifying through a privacy shield is no longer allowed.
Regulations are being developed outside the EU, as well. For example, the California Consumer Privacy Act (CCPA) has been in effect since Jan. 1, and it’s expected to become a standard within the U.S. in the near future.
However, Valbak Aardestrup pointed out the GDPR is more stringent than the CCPA.
“If you’re active in the EU, I would suggest that you, first, focus on being compliant with GDPR and then, second, if need be, be compliant with CCPA,” Valbak Aardestrup said. “I would presume if you are an American company dealing in Europe, you’re most likely also doing deals in California.
“The GDPR is still stricter than what we see with the CCPA. So at least the suggestion is it will be easier to go for GDPR and still be compliant with CCPA, than the other way around.”
NEXT STEPS
As the construction industry wades further into a digitized future, it is imperative that companies exercise caution in regard to data.
The data controller – often the machine owner, when it comes to construction – needs to confirm it has consent from system users and make any legitimate interests clear. They should be prepared to note who is watching the data, why the data is being collected and how long the data will be kept under their control. The data controller also must be able to delete data if the data subject chooses to have their information removed.
Data processors, like OEMs, must ensure the legal framework is in order, so data can be transferred within the context of the regulation.
Without self-certification, the data processor must secure standard contractual clauses between all entities. This may amount to several contracts being signed in order to guarantee a data processing agreement is in place. An alternative is creating binding corporate bylaws, but that must go through a full EU approval process in Brussels.
If partnering with data sub-processors, make sure they understand all regulations and can comply with them. For example, sub-processors should have standard contractual clauses in place if they are also exporting data from the EU to the U.S., and they should have built-in data protection as well.
Valbak Aardestrup also recommended a company document compliance processes and keep records; update and maintain processes and records, and ensure processing partners are compliant.
Individual companies can begin implementing best practices regarding data regulations by adding data sharing clauses into employer contracts and employment offer letters.
“If this has not been done already within your company, start putting into your offer letters clauses that actually say you should be aware that you might be tracked, we might be using your personal information for these purposes, and by signing that contract later, the data subject actually gives their consent,” he said.
As the EU continues to navigate the GDPR and the U.S. develops its own regulations, like the CCPA, Valbak Aardestrup urged industry stakeholders to work with lawmakers to pass regulations that take into consideration the logic and best practices and general work processes of the construction industry. He said leveraging associations like the AEM could help avoid mistakes made by the EU and avoid blanket legislation from hindering the industry’s digital growth.
“The challenge comes when something meant for consumer protection is thrown across all industries,” Valbak Aardestrup said.
Avoiding this can help members of the industry embrace digitalization and its related benefits, and usher in the future of the industry with fewer hurdles.
Subscribe to our AEM newsletters for information on trends important to the equipment manufacturing industry and the markets they serve.
