TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Tech | E-scooters becoming forum for mobility data privacy decisions and legislation Related reading: Notes from the IAPP Canada Managing Director, 23 Feb. 2024



From ion battery–powered e-scooters floating in rivers to scooter riders without helmets, cities that have welcomed the popular personal vehicles have a lot to contend with. Then, there are the data issues. City governments, e-scooter providers and third-party data management firms are negotiating agreements and rules that could set precedents for future mobility-related data practices for data-centric and autonomous cars and freight vehicles, delivery drones and more. And, along with privacy considerations, proposed state legislation could limit city control even more.

Stakeholders meeting at this busy intersection share some common goals while butting heads over the details. Local governments want granular data to help improve city mobility services and ensure equitable transportation options, e-scooter providers worry about user privacy and intellectual property concerns, and civil rights observers want strong data privacy policy and protection against law enforcement access.

The Los Angeles Department of Transportation is a key voice in the conversation. In September 2018, the agency introduced a standard for mobility data that cities across the country have adopted or considered. LA’s Mobility Data Specification provides a template for data requirements for providers of dockless bike shares, e-scooters and shared-ride providers that work within the public right of way.

“I think [the MDS is] especially interesting because it’s clear that they’re trying not just to manage their streets today but to set themselves up for managing their streets for an autonomous future,” said Sarah Kaufman, associate director of the NYU Rudin Center for Transportation.

The common set of specs for how data should be delivered to cities is intended to enable smoother, more standardized agreements between private mobility firms and governments still bruised by the aggressive tactics of popular ride-sharing firms that have held a tight grip on ride-share data.

"LA needs data to innovate, adapt and thrive, which is why we built the Mobility Data Specification. After the initial rollout and with several mobility providers now in the market, dozens of cities across the globe recognized a similar need and adopted MDS to manage micromobility products in their communities, including Santa Monica, Portland, San Francisco, Chicago, Austin, Louisville, and Lisbon Portugal,” a LADOT spokesperson said.

Strange privacy bedfellows  
But many working in the space are concerned that despite city demands for data from mobility tech partners, most municipalities don’t have strong enough data governance policies in place to protect against data leaks, hacks, public records and law enforcement requests or reidentification techniques that transform supposedly anonymized data back into personally identifiable information and reveal travel details of specific individuals.

Those data access, privacy and security concerns are making for strange bedfellows, aligning privacy rights groups with mobility tech firms often criticized for excessive data gathering. For instance, a variety of entities in the new mobility industry, from Lyft to third-party data management firms to privacy advocates, have expressed concern about aspects of the LA specifications that require real-time or near-real-time remote measurement telemetry data showing point-by-point scooter travels.

In public comments submitted in relation to LA’s mobility data specs and data protection principles, the Electronic Frontier Foundation stated the MDS did not recognize the personal nature of granular trip information, failed to limit use and retention of precise location data, and failed to commit in writing requirements for a warrant for location data.

Uber-owned e-scooter provider Jump also raised concerns in public comments sent to LA that e-scooter data should be treated as personal data. In response to EFF and Uber, the city stated, “LADOT has and will continue to consider all data from Dockless Mobility Providers as Confidential Information, making it exempt from California Public Records Act ... requests and subject to restricted access per the City Attorney and the City’s Information Handling Guidelines.”

It appears, however, that other cities adopting LA’s standard will not go so far as to ask for real-time point-by-point location data, but less-granular information such as data showing locations when trips started and ended. Even this level of data causes privacy concerns.

Despite their public hand-wringing over privacy, mobility firms are concerned their proprietary data could get into the hands of competitors or third-party entities. In its LA comments, Lyft noted specific concern regarding LADOT’s use of mobility data management and analytics firm Remix to ingest, store and interpret mobility data.

“These companies, these operators, there’s a reason they’ve been using privacy as kind of a human shield: they want to protect the data for competitive reasons,” said William Henderson, CEO of Ride Report, a company providing data auditing, management, analysis and enforcement tools to cities in the U.S. and overseas including Atlanta, Austin, Fort Lauderdale, Portland, Oakland and Madrid.

New laws could preempt city control
State legislators are stepping in. Bills moving through legislatures in California and North Carolina would guard e-scooter data from public records requests or law enforcement. A North Carolina Senate bill calls for trip data to be treated as personal information and proprietary trade secrets exempt from public records requests or public disclosure and not shareable with law enforcement.

Statewide laws could preempt city rules for new mobility firms. A bill moving through California’s Assembly could limit the granularity of data cities can require from shared mobility providers, allowing cities to require deidentified and aggregated trip data from mobility providers, but prohibiting the sharing of individual trip data.

Meanwhile, competing bills moving in tandem through the Oregon House that would regulate ride-hailing firms could determine whether the state limits city control over data requests from so-called transportation network companies. Bill watchers believe the outcome could set precedents for the ability of local authorities to make rules for e-scooter and other new mobility firms.

Ultimately, many working in this arena advise cities and others handling mobility data to limit the amount they gather and, in some cases, purge the raw data completely once aggregation or analysis is complete.  

“One of the things you could do in your city is to minimize the amount of raw data that your agency receives and aggregate the data as quickly as possible,” said John Kennedy, deputy city attorney in San Francisco City’s Attorney’s Office, speaking during a panel on transportation tech legal and policy issues during the Urbanism Next Conference in Portland, Oregon, May 9.

He continued, “If you dump the raw data, you don’t have it in your possession, you don’t have to provide it in response to public records requests and you can use that data for your own transportation-related purposes.”

photo credit: John Brighenti Scooter Tippin' via photopin (license)


If you want to comment on this post, you need to login.