Rider Data Privacy: Cities & Mobility Companies Agree on Guidelines

Data Privacy and Collaboration in the Mobility Sector

Companies like Uber, Lyft, Spin, Bird, and Lime are actively collaborating with city governments to establish clear guidelines for safeguarding rider data. This proactive approach signifies a shift towards greater responsibility within the evolving transportation landscape.

The Privacy Principles for Mobility Data, unveiled at the North American Bikeshare & Scootershare Association (NABSA) conference, represent a significant advancement in cooperation. Previously, cities and these companies often found themselves at odds regarding access to transit data.

Development of the Guidelines

These guidelines are the result of a collaborative effort involving over 20 cities, privacy advocates, technology firms, mobility service providers, and organizations such as NABSA, the New Urban Mobility Alliance (NUMO), and the Open Mobility Foundation (OMF).

The emergence of new transportation technologies has generated vast amounts of data concerning movement patterns. Cities naturally seek access to this data to inform policy and regulatory decisions related to private business operations within public spaces.

Past experiences with ride-hailing services highlighted the difficulties regulators faced in obtaining essential data from private companies. This data is crucial for understanding service usage, community impacts, labor practices, and climate goals.

Jascha Franklin-Hodge, executive director of OMF, emphasized during the NABSA conference that early ride-hailing deployments often occurred without adequate regulatory oversight. Cities frequently lacked even basic data about how these services operated on public streets.

Uber, founded in 2009, and Lyft, established in 2012, initially resisted data sharing. It wasn't until around 2018 that Uber began sharing data related to curb usage, traffic speeds, and overall transit patterns to assist cities in optimizing limited public spaces.

Proactive Data Sharing and the MDS

Angela Giacchetti, OMF’s member engagement manager, explained to TechCrunch that cities learned from the ride-hailing experience. They adopted a proactive stance with micromobility, seeking information upfront regarding vehicle deployment, parking locations, infrastructure stress, and safety needs.

The Los Angeles Department of Transportation (LADOT) pioneered this approach in 2019 with the introduction of the “mobility data specification” (MDS). This data-sharing format enabled transit agencies to collect vehicle data from scooter and bike companies while simultaneously providing them with relevant information, such as geofencing locations based on street closures.

LADOT mandated MDS compliance for scooter and bike-share companies. However, the ride-hail industry, through its scooter subsidiaries, contested this requirement. They viewed city access to company data as a potential overreach, fearing it could extend to ride-hailing data and compel companies to prioritize community needs over profits.

Uber, Lyft, and privacy organizations like the Center for Democracy and Technology and the Electronic Frontier Foundation voiced concerns during a public comment period regarding LADOT’s use of MDS. They questioned how data would be de-identified and utilized.

Building Strong Privacy Frameworks

Following a period of discussion and consideration, stakeholders have collaborated to establish robust privacy protection frameworks. The goal is to ensure that essential privacy rights are not compromised as our lives and movements become increasingly digitized.

“Anytime there’s a situation in which data is being shared, especially data about movement is being shared, between a private sector entity and the public sector, there’s a need for guardrails,” stated a key contributor to the initiative. “Clear guidelines are needed to protect privacy and define appropriate data uses.”

The Seven Core Principles

The Privacy Principles for Mobility Data encompass seven key tenets:

• Upholding individuals’ privacy rights regarding their movements.
• Ensuring community engagement, particularly from historically marginalized groups, in defining mobility data purposes, practices, and policies.
• Communicating mobility data purposes, practices, and policies to the public.
• Collecting and retaining only the minimum necessary mobility data.
• Establishing policies and practices to protect mobility data privacy.
• Protecting privacy when sharing mobility data.
• Clearly defining the purposes for utilizing mobility data.

Establishing these guidelines is merely the initial step. Sustained momentum and accountability are essential to ensure adherence by both governments and operators.

Tamika Butler, a community organizer, transportation consultant, and lawyer, told TechCrunch that a significant challenge lies in the lack of transparency and trust surrounding data usage, even when cities implement these principles. She emphasized the importance of implementation, accountability, and transparency, moving beyond mere pledges and statements.

Giacchetti acknowledges the absence of a prescriptive implementation method but stresses that the principles are designed to be actively engaged with and integrated into each endorsing organization’s practices. The creators encourage organizations from both the public and private sectors to endorse and utilize these principles to shape transportation policies and mobility data practices.