As part of its mission to help MDS users address privacy considerations, the Open Mobility Foundation’s Privacy, Security, and Transparency Committee has engaged with legal counsel to create detailed guidance on using MDS in the context of GDPR in the European Union. The guide debuted at the 2021 POLIS conference in Gothenburg, Sweden and is now available to the public through OMF’s website.
“This is an important step in helping European cities and companies using MDS navigate privacy considerations under GDPR. We believe this guidance – along with other resources the OMF maintains – will help organizations develop policies and practices that enhance the privacy of those using shared mobility services.”
– Jascha Franklin-Hodge, Executive Director of the Open Mobility Foundation
Led by cities, the Open Mobility Foundation (OMF) develops and promotes open source technology used by cities and operators of mobility services in tools that help government entities manage the public right-of-way. Specifically, The OMF oversees the development of the Mobility Data Specification (MDS), which is designed to help cities manage shared mobility programs (e.g. e-scooters, bicycles, mopeds, cars). MDS provides a standard for mobility operators and cities to exchange data about shared vehicles on city streets.
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation to allow personal data to be safely collected and processed for legitimate use cases, including for the public interest. The OMF led the development of this resource specifically for cities and companies that wish to stay compliant with GDPR while implementing and using MDS. While GDPR applies primarily in the EU, other jurisdictions around the world have established similar regulations, and the guidance provided may serve as a helpful resource for cities and companies using MDS in their local contexts.
“Personal privacy must not be compromised when sharing mobility data. The Open Mobility Foundation guide for using Mobility Data Specification under the European Union’s General Data Protection Regulation (GDPR) is a great resource to help ensure that data reporting to public authorities preserves privacy. More and more European cities are implementing the Mobility Data Specification to manage shared mobility services, and around the world other cities are aligning with GDPR standards. Input from organisations across the mobility sector makes this guide a well-rounded resource that will help authorities ask the right questions and develop appropriate data collection policies.”
– Philippe Crist, Advisor for Innovation and Foresight, International Transport Forum (ITF) and member of the OMF Advisory Board
The guide is structured to be useful to a variety of audiences, including department leaders, program managers, and data protection officers, providing further clarity around handling data related to shared mobility, like:
- Is it lawful to collect and process MDS data?
- Do MDS users need to inform riders?
- What is a “legitimate purpose” to use MDS?
- Do MDS users need to obtain consent?
- Should an impact assessment be performed?
- How do MDS users handle erasure requests?
As part of its mission to help MDS users address privacy considerations, this guide was made possible by the contributions of OMF’s Privacy, Security, and Transparency Committee, and OMF’s members, board, and advisors. A number of external reviewers commented on and contributed to the guide. Special thanks to Adrien Aulas, Partner at Lighten Law, who served as legal counsel for this project and whose exhaustive work brought the guide to life.
The guide can be accessed through the OMF website at: https://www.openmobilityfoundation.org/using-mds-under-gdpr/