Skip to main content
conference lunch move company map contacts lindholmen lindholmen 2 travel info


7 Guidelines for Responsible Use of Mobility Data

“Move fast and break things” used to be the mantra of Silicon Valley, not least by rideshare and scooter companies, who entered cities that were ill-prepared to regulate these new forms of mobility. That attitude of confrontation now appears to be over, with cities and mobility companies working together on a framework around data sharing and privacy.

At the recent conference of the North American Bikeshare & Scootershare Association (NABSA) a host of mobility companies (including Uber, Lyft, Lime, Bird and others, together with 20 cities from Pittsburgh to Long Beach) presented a new framework called the Privacy Principles for Mobility Data. This framework is designed as a ‘North Star’ for cities, organizations, and companies working in the mobility space. It is “a set of values and priorities intended to guide the mobility ecosystem in the responsible use of data and the protection of individual privacy.”

These principles have been a long work in progress and arose out of tension between local municipalities and the mobility industry. One of the key examples of this tension was between the Los Angeles Department of Transportation (LADOT) and ride-hailing companies like Uber and Lyft in 2019 (nearly 10 years after the companies were founded). LADOT enforced a mobility data specification format to ensure safety and coordination for scooters and bikes: for instance, geofencing changes in connection to road closers. The ride-hailing companies, however, interpreted these efforts as a slippery slope that risked overly constraining their core business activities.

Concerns over the required mobility data sharing wasn’t limited to just for-profit companies.  Non-profit groups such as the Center for Democracy and Technology also raised concerns over a lack of specificity and transparency. How was this data going to be used by the municipality?

The announcement of these privacy principles, and the support they have enjoyed so far at least, signifies a move from mutual suspicion and tension toward standardization.  

“Anytime there’s a situation in which data is being shared, especially data about movement is being shared, between a private sector entity and the public sector, there’s a need for guardrails. There’s a need for clear guidelines around how to protect privacy, what uses and types of data are appropriate.”

The seven principles that are supposed to set this new guideline are:

  1. We will uphold the rights of individuals to privacy in their movements.
  2. We will ensure community engagement and input, especially from those that have been historically marginalized, as we define our purposes, practices, and policies related to mobility data.
  3. We will communicate our purposes, practices, and policies around mobility data to the people and communities we serve.
  4. We will collect and retain the minimum amount of mobility data that is necessary to fulfill our purposes.
  5. We will establish policies and practices that protect mobility data privacy.
  6. We will protect privacy when sharing mobility data.
  7. We will clearly and specifically define our purposes for working with mobility data.

Now that the principles are announced and gaining wide adoption, the more difficult step is coming up next: implementation. The commitment to protect privacy when sharing mobility data (6) might be accomplished in any number of technical ways, like federated learning. Implementation means to move from the principled idea to a concrete digital and built infrastructure.

Personal Comment:

Our lives are increasingly digital. In mobility, the process of continual digitalisation means data is becoming increasingly rich, which provides increased services and features for users but can also provide useful information to city planners, logistics companies, and many more potential beneficiaries. As the data pie grows everyone wants a slice. The challenge is, as the article points out, to create guidelines that ensure this growing resource is used effectively, efficiently, and responsibly.

Mobility data is not the only place where these concerns arise. The EU’s GDPR regulation and even the proposed AI Act can be seen as ways of setting out guidelines for how digitalised interaction should play out between the various actors within the economy and society. In Europe, for example, mobility data sharing will already have to meet GDPR requirements. More specific guidelines for mobility data would have to work in concert with existing regulation.

Digitalisation may solve certain problems, but it also opens new problems. The announcement of these seven principles seems to me to represent a move towards greater maturity in the mobility as a service industry as industry, the public, and municipalities grapple with the potential goods and harms of these new services.

Written by Joshua Bronson,
RISE Mobility & Systems