If you rely on shared biked or scooters, your location privacy is at risk. Cities across the United States are currently pushing companies that operate shared mobility services like Jump, Lime, and Bird to share individual trip data for any and all trips taken within their boundaries, including where and when trips start and stop and granular details about the specific routes taken. This data is extremely sensitive, as it can be used to reidentify riders—particularly for habitual trips—and to track movements and patterns over time. While it is beneficial for cities to have access to aggregate data about shared mobility devices to ensure that they are deployed safely, efficiently, and equitably, cities should not be allowed to force operators to turn over sensitive, personally identifiable information about riders.
As these programs become more common, the California Legislature is considering a bill, A.B. 1112, that would ensure that local authorities receive only aggregated or non-identifiable trip data from shared mobility providers. EFF supports A.B. 1112, authored by Assemblymember Laura Friedman, which strikes the appropriate balance between protecting individual privacy and ensuring that local authorities have enough information to regulate our public streets so that they work for all Californians. The bill makes sure that local authorities will have the ability to impose deployment requirements in low-income areas to ensure equitable access, fleet caps to decrease congestion, and limits on device speed to ensure safety. And importantly, the bill clarifies that CalEPCA—California’s landmark electronic privacy law—applies to data generated by shared mobility devices, just as it would any other electronic devices.
Five California cities, however, are opposing this privacy-protective legislation. At least four of these cities—Los Angeles, Santa Monica, San Francisco, and Oakland—have pilot programs underway that require shared mobility companies to turn over sensitive individual trip data as a condition to receiving a permit. Currently, any company that does not comply cannot operate in the city. The cities want continued access to individual trip data and argue that removing “customer identifiers” like names from this data should be enough to protect rider privacy.
The problem? Even with names stripped out, location information is notoriously easy to reidentify, particularly for habitual trips. This is especially true when location information is aggregated over time. And the data shows that riders are, in fact, using dockless mobility vehicles for their regular commutes. For example, as documented in Lime’s Year End Report for 2018, 40 percent of Lime riders reported commuting to or from work or school during their most recent trip. And remember, in the case of dockless scooters and bikes, these devices may be parked directly outside a rider’s home or work. If a rider used the same shared scooter or bike service every day to commute between their work and home, it’s not hard to imagine how easy it might be to reidentify them—even if their name was not explicitly connected to their trip data. Time-stamped geolocation data could also reveal trips to medical specialists, specific places of worship, and particular neighborhoods or bars. Patterns in the data could reveal social relationships, and potentially even extramarital affairs, as well as personal habits, such as when people typically leave the house in the morning, go to the gym or run errands, how often they go out on evenings and weekends, and where they like to go.
The cities claim that they will institute “technical safeguards” and “business processes” to prohibit reidentification of individual consumers, but so long as the cities have the individual trip data, reidentification will be possible—by city transportation agencies, law enforcement, ICE, or any other third parties that receive data from cities.
The cities’ promises to keep the data confidential and make sure the records are exempt from disclosure under public records laws also fall flat. One big issue is that the cities have not outlined and limited the specific purposes for which they plan to use the geolocation data they are demanding. They also have not delineated how they will minimize their collection of personal information (including trip data) to data necessary to achieve those objectives. This violates both the letter and the spirit of the California Constitution’s right to privacy, which explicitly lists privacy as an inalienable right of all people and, in the words of the California Supreme Court, “prevents government and business interests from collecting and stockpiling unnecessary information about us” or “misusing information gathered for one purpose in order to serve other purposes[.]”
The biggest mistake local jurisdictions could make would be to collect data first and think about what to do with it later—after consumers’ privacy has been put at risk. That’s unfortunately what cities are doing now, and A.B. 1112 will put a stop to it.
The time is ripe for thoughtful state regulation reining in local demands for individual trip data. As we’ve told the California legislature, bike- and scooter- sharing services are proliferating in cities across the United States, and local authorities should have the right to regulate their use. But those efforts should not come at the cost of riders’ privacy.
We urge the California legislature to pass A.B. 1112 and protect the privacy of all Californians who rely on shared mobility devices for their transportation needs. And we urge cities in California and across the United States to start respecting the privacy of riders. Cities should start working with regulators and the public to strike the right balance between their need to obtain data for city planning purposes and the need to protect individual privacy—and they should stop working to undermine rider privacy.