Rideshare, Regulation, and Rights: How Los Angeles’ initiative to monitor “dockless mobility” companies is complicated by individual privacy rights

Posted on by Nick Matosian

Cities all over the country have seen their streets transformed overnight – sometimes literally – by the addition of personal electronic scooters.1 Taking the baton from Uber (who is trying to take it back), companies such as Bird, Lime and Spin have provided the public with another means of shared transportation. Unlike rideshare, dockless mobility services focus on the “first or last mile”; trips that are viewed as too far to walk, but too short for a car ride.2 Via a smartphone app, users can unlock the motorized scooters wherever they are parked, ride them to their destination, and then end the trip by electronically locking the scooter. Scooter companies boast that their product will decrease traffic, supply pedestrians with a more cost-effective method of travel and contribute to greener cities.3

Notwithstanding the benefits, major public concerns over scooter safety and equal access have emerged. To take control of the situation, municipalities such as Los Angeles have instituted pilot programs aimed at understanding and regulating the nascent industry.4 In the words of Seleta Reynolds, the leader of the LA initiative, “The public has to be reassured that there is somebody who is keeping a close eye.”5 Although many of the program’s features, such as a 15 mile-per-hour speed limit, are not contentious, one aspect of the initiative has commentators on edge: data collection.

A crucial component of the regulation is that LA requires companies to submit particular information to government officials for every excursion. This includes the length of the ride, how the scooter is parked, and where the trip begins and ends.6 The purpose of this is two-fold: (1) Officials need to monitor participating companies to ensure that they are complying with all program requirements and (2) to give city planners a better understanding of how motorized scooters impact pedestrian mobility.7To protect privacy, all personal identifying information (i.e. scooter identification number and rider information) will be redacted before the government receives the details.8

Despite the legitimate need for, and anonymity of, the scooter data, experts are concerned that there are not sufficient safeguards to protect user identity. Their concerns are based on precedent. In 2013, Vijay Pandurangan took the public records of over 174 million anonymized New York City taxi cab rides and was able to determine which distinct cab was involved with every ride in under an hour.9 Anthony Tockar was then able to cross-reference that data with other public information to learn highly-personal details that ranged from the trivial (how much celebrities tipped their drivers) to the scandalous (frequent patrons of gentlemen’s clubs).10 Los Angeles has learned a lesson from this example by marking the scooter reports confidential. This means that the report will not be accessible by the public via an information request, or by the police without a warrant.11  Local governments are far from immune to data breaches, however, and would likely be a target for hackers.12

The data that will be collected from the scooter rides is likely to be even more personal than other transport sources. Because scooters will most frequently be utilized for “last mile” transportation, sensitive locations like a user’s home or workplace will often be one of the recorded locations.13 In addition, the certainty of a user’s destination will be higher considering that scooters can be parked directly outside the entrance in most cases. As the Center for Democracy & Technology (CDT) points out, nefarious users of the data could also work backwards by analyzing a given location – like an abortion clinic – to ultimately identify and harass riders.14 Given the potential sensitivity of the data, security is of paramount importance. In the context of criminal law, the Supreme Court recently decided in Carpenter v. United States that location data can be subject to Fourth Amendment privacy protections; this exemplifies the importance of keeping location data secure and private.”15

Scooter companies have different levels of confidence in LA’s ability to protect their customer’s information. For Lime and Bird, who have been granted the maximum one-year permit, the general outlook is positive and envisions the company and government working together to ensure consumer safety and privacy.16 Conversely, Uber, who received only a provisional one-month permit through their brand “Jump”, has doubts as to whether the LA government has sufficient capabilities to guard the data as closely as Uber itself:

Under current and proposed privacy legislation in the United States, private companies are expected to demonstrate specific data security and privacy capabilities when dealing with personal information…we’ve received no assurance that [the Los Angeles Department of Transportation] is willing or able to meet the same standard in protecting the privacy of our customers.17

Instead, Uber has proposed allowing the company to send a synthesized report to the city. This suggestion has been met with considerable concern, especially given Uber’s dubious track record with self-reported accounts.18 CDT argues the optimal course of action is for LA to adopt additional rigorous internal procedural requirements that lay out precise, transparent guidelines for how the information will be used, stored and ultimately deleted.19 This approach would appropriately balance informed governance considerations with prioritizing individual privacy.

Although Bird and Lime are only two years old, their estimated respective valuations sit at roughly $2 billion dollars.20 Uber, who is investing heavily in motorized scooters, has a conservative valuation of $76 billion.21 The dockless mobility market is here to stay. In order to best understand how to protect consumers, however, local governments like Los Angeles must accumulate and analyze vast amounts of information from companies. This information is both sensitive for consumers, and ripe for serious abuse if it falls into the wrong hands or is misused by government officials. Consequently, governments must ensure that their use of data does not go beyond serving defined functions, and that sufficient precautions are taken to protect individual privacy.   

  1. Nik DeCosta-Klipa, Bird electric scooters show up — unannounced — in Cambridge and Somerville, Boston (July 20, 2018), https://www.boston.com/news/local-news/2018/07/20/bird-electric-scooters-cambridge-somerville-providence. 

  2. Roomy Khan, Electric Scooters: Last-Mile Mobility, Thrill Rides, Public Nuisance Or Hazard, Forbes (Dec. 24, 2018), https://www.forbes.com/sites/roomykhan/2018/12/24/electric-scooters-last-mile-mobility-thrill-rides-public-nuisance-or-hazard/#14c561223ccb. 

  3. Bird, Impact, https://www.bird.co/impact/ (last visited Mar. 26, 2019. 

  4. Los Angeles City Ordinance No. 185785 (Oct. 5, 2018), http://clkrep.lacity.org/onlinedocs/2017/17-1125_ORD_185785_10-05-2018.pdf. 

  5. Laura J. Nelson, Data Privacy Debate Emerges Out of L.A.’s Scooter Craze, Government Technology (Mar. 18, 2019), https://www.govtech.com/transportation/Data-Privacy-Debate-Emerges-Out-of-LAs-Scooter-Craze.html. 

  6. Id

  7. Natasha Duarte & Joseph Jerome, Comments to LADOT on Privacy & Security Concerns for Data Sharing for Dockless Mobility, Center for Democracy & Technology (Nov. 29, 2018), https://cdt.org/insight/comments-to-ladot-on-privacy-security-concerns-for-data-sharing-for-dockless-mobility/. 

  8. Id

  9. Vijay Pandurangan, On Taxis and Rainbows: Lessons from NYC’s improperly anonymized taxi logs, Medium (June 21, 2014), https://tech.vijayp.ca/of-taxis-and-rainbows-f6bc289679a1. 

  10. David Sirota, Spying On Celebrities: NYC Taxi Metadata Exposes Celeb Locations And Strip Club Clients, International Business Times (Sept. 30, 2014), https://www.ibtimes.com/spying-celebrities-nyc-taxi-metadata-exposes-celeb-locations-strip-club-clients-1696744. 

  11. Natasha Duarte & Joseph Jerome, Comments to LADOT on Privacy & Security Concerns for Data Sharing for Dockless Mobility, Center for Democracy & Technology (Nov. 29, 2018), https://cdt.org/insight/comments-to-ladot-on-privacy-security-concerns-for-data-sharing-for-dockless-mobility/. 

  12. See Greg Stiles, Cities Face Criticism Over Online Payment System Breach Notifications, Government Technology (July 30, 2018), https://www.govtech.com/security/Cities-Face-Criticism-Over-Online-Payment-System-Breach-Notifications.html. 

  13. Duarte & Jerome, Comments to LADOT

  14. Id

  15. Carpenter v. U.S., 138 S.Ct. 2206 (2018). 

  16. Joseph Cox, Scooter Companies Split on Giving Real-Time Location Data to Los Angeles, Vice (Mar. 19, 2019), https://motherboard.vice.com/en_us/article/yw8j5x/scooter-companies-location-data-los-angeles-uber-lyft-bird-lime-permits. 

  17. Id. 

  18. Laura J. Nelson, Data Privacy Debate Emerges Out of L.A.’s Scooter Craze, Government Technology (Mar. 18, 2019), https://www.govtech.com/transportation/Data-Privacy-Debate-Emerges-Out-of-LAs-Scooter-Craze.html. 

  19. Duarte & Jerome, Comments to LADOT

  20. Eric Newcomer, Lime and Bird Raise Millions, But at Far Lower Valuations Than Hoped, Bloomberg (Jan. 17, 2019), https://www.bloomberg.com/news/articles/2019-01-17/lime-bird-said-to-raise-millions-at-lower-valuations-than-hoped. 

  21. Trefis Team, How Uber Could Justify A $120 Billion Valuation, Forbes (Dec. 3, 2018), https://www.forbes.com/sites/greatspeculations/2018/12/03/how-uber-could-justify-a-120-billion-valuation/#2bac67997f9b. 

Category: Blog Articles