New frontier of shared mobility poses data security challenges
Shared mobility companies such as Uber, Lyft, and Lime are becoming increasingly common, but despite the benefits these companies offer, they also pose difficult questions regarding data security: To what degree are people tracked in these new modes of transportation, and who gets to see the data?
“As more and more data is being generated from individuals’ travel patterns and behaviors, the need for clarity around how to collect and process this data is growing,” writes University of Minnesota graduate Thomas Ebert in a paper prepared for the Twin Cities Shared Mobility Collaborative. The paper served toward Ebert’s master’s degree in public policy, which he received in December; his advisor was Frank Douma, director of the State and Local Policy Program at the Humphrey School of Public Affairs.
Shared mobility companies offer much potential. The City of Minneapolis, for example, launched a foot scooter program in 2019 designed to place scooters in low-income neighborhoods and provide alternative access options. To better understand how to streamline the program, however, the city needs data on scooter use—and that’s where things get complicated.
Laws and methodologies regarding shared mobility data are, Ebert notes, scattered in the US. There are no federal-level laws, and rules vary from state to state or even city to city. Consumers tend to be concerned about how their data is used, and this is not without basis; location data, if used carelessly, can be used to identify a person.
“Mobility data is becoming more available,” Ebert says, “and the chance for it to be abused or mishandled grows.”
A lot of this has to do with how new the technology is. “Five years ago, nobody was talking about this,” says Danielle Elkins, FUSE executive advisor with the City of Minneapolis Department of Public Works. (FUSE is a national nonprofit that partners with local government.) “Ten years ago, it didn’t exist.”
Creating methodology for handling this data, Elkins says, is challenging for such young technology. Uber was founded in 2009, but the rideshare business model has only really become viable in the last four years or so. Scooters are an even younger option, stretching back a mere two or three years. Understanding trends and developing systems accordingly is difficult with so little data.
Clarity and specificity will be key to making this work, Ebert says. Consumers should be fully aware of what information is being collected, and that data should be strictly limited. The Minneapolis scooter program, for example, collects only location information. The data is also very non-granular—only specifying what street a scooter is on within a 15- or 30-minute interval—and the information is never saved to a server, but instead processed in-memory.
Efforts are also being made to standardize how cities handle shared mobility data. In 2018, the National Association of City Transportation Officials announced the launch of SharedStreets, an independent, nonprofit platform designed to allow secure, standardized data sharing between public and private organizations.
Minneapolis, Elkins says, is also represented on the board of the Open Mobility Foundation, a global nonprofit that creates a governance structure around open-source mobility tools. Many of the transportation goals of Minneapolis 2040, the city’s comprehensive plan, will rely on the collection of data from shared mobility providers.
"Moving forward, the landscape of data privacy is going to be shifting,” Ebert says. “This means that governing bodies and transit planning organizations need to take careful steps when collecting, processing, and using data collected from shared mobility.”