Blog: Mobility Data: Opening Doors to Possibility and Privacy Risk

The term “mobility data” describes information generated by activity, events, or transactions using digitally-enabled mobility devices or services. This data is frequently recorded as a series of points with latitude and longitude collected at regular intervals by devices such as smartphones, shared micromobility vehicles (shared bikes, e-bikes, scooters etc), on-board vehicle computers, or app-based navigation systems (e.g. Waze, GoogleMaps etc). Mobility data often has a temporal element, assigning time as well as location to each point. Depending on the device used to capture the data, other characteristics, such as the speed of travel, or who is making the trip, can be connected to each individual latitude/longitude point.

Trite as it may sound, smartphones have ushered in a new era for the modern world – particularly when it comes to transportation. This ubiquitous device has brought about fundamental shifts to how we get around (think ride-hailing services, always-on-hand navigation, and the rise of the ubiquitous e-scooter). Yet for all the transportation innovations smartphones have made possible, they’ve also opened the door to a set of new challenges. The same ride-hailing and shared micromobility companies that represent transportation’s bright future also expose us to a new set of risks, chiefly that of jeopardizedpersonal privacy.

The mobility data generated by smartphones is powerful because it is granular and location-specific. These characteristics create datasets that can help cities answer challenging and specific questions, leading them to craft more informed policies in pursuit of positive public outcomes. But these granular and location-specific data points also raise privacy concerns.

Mobility data poses risks for the same reasons it is powerful: it can easily become personally identifiable information (PII), even when anonymized and scrubbed of unique personal information. In the same way social security numbers or credit cards can be linked to a specific individual, in the hands of a savvy person, mobility data can be used to trace someone’s identity. A 2013 Scientific Report article  found that, in a dataset of 1.5 million people compiled over 6 months, over 95% of study individuals could be uniquely identified using only four location points triangulated from cellphone towers.

We’re in a threshold moment with mobility data; smartphones and the services they make possible are anchored in our daily lives, yet the legal and policy frameworks that regulate them haven’t caught up. NACTO and the International Municipal Lawyers Association recently released Managing Mobility Data  to assist cities and companies as they bring these frameworks more in line with our new reality. This policy document outlines principles to inform best practices for sharing, protecting, and managing mobility data. The guidelines are intended to serve as a resource for both the public and private sectors as both establish frameworks that balance the promise of mobility data with the responsibility to protect individual privacy.

Managing Mobility Data defines four principles for responsibly managing mobility data that help strike this balance:

It is a fundamental responsibility of cities to ensure safe passage on the public right-of-way. In the digital age, effectively managing city streets includes reconciling what may, at face value, seem like competing ends: Utilizing mobility data to develop good public policy while also protecting individual privacy. These forces need not be mutually exclusive, though. With the right guidelines, access to data and personal privacy can intersect, rather than exist on opposing parallel tracks.

Take the General Data Protection Regulation (GDPR), the European Union’s data privacy regulation. This law aims to protect EU citizens by regulating the circumstances under which private companies can collect personal information, and how all personal data is processed, stored, and exchanged between parties. The GDPR is an example of a government taking a proactive approach to protect the privacy of its citizens while also enabling companies to operate.

Yet even with regulations like the GDPR, how governments develop appropriate regulations for mobility data is an emerging policy area without established best practices. Managing Mobility Data presents a set of recommendations for cities and private companies to refer to when developing uniform and accountable data management standards. Although smartphones may be ubiquitous, we’re just beginning to grapple with the possibilities and challenges brought by the personal mobility data they collect.