With the release of TOMP-API version 1.2.0, we have added a few new features. In a series of blog posts over the next few weeks, we would like to go deeper into these innovations and explain the “what” and “why” in more detail. This first post is about the Personal information of users within the MaaS ecosystem.
Up to version 1.1.0, the approach to provide personal information ( drivers licence, Age, …) to Transport Operators was very simple: you had to put it into the correct fields with each booking request. This is not the optimal approach when it comes to privacy concerns; the end user never knows where his information flows and how this information is going to be used.
Luckily, in the field of Personal Information, a lot of progress is being made and there are quite a few initiatives (demanded by the EU), to have secure ‘personal data vaults’. With such vaults, the end-user will stay in control of her/his own data. In version 1.2.0 we added the possibility to communicate the vault and the personal access key, so the Transport Operator can try to fetch the personal information from the vault. The end-user can give his/her consent to provide the information and the Transport Operator can get the driver license.
This way of working is GDPR compliant, opening up a MaaS ecosystem without borders, allowing people to ‘roam’.