About the Privacy Principles for Mobility Data


Learn more about the Principles, plus how to endorse and put them into action.

What Are the Principles?

The Principles are a set of values and priorities intended to guide the mobility ecosystem in the responsible use of data and the protection of individual privacy. They are intended to serve as a guiding “North Star” to assess technical and policy decisions that have implications for privacy when handling mobility data. The principles are designed to apply to all sectors, including public, private, research and non-profit.


Why Do We Need the Principles?

Increasingly, organizations in the public, private and nonprofit sectors are faced with decisions that have data privacy implications. For organizations utilizing mobility data, these principles provide a baseline framework to both identify and address these situations. Individuals whose data is being collected, utilized and shared must be afforded proper protections and opportunities for agency in how information about them is used and handled. These principles offer guidance for how to engage in this process.

Human movement generates data in many ways: directly through the usage of GPS-enabled mobility services or devices, indirectly through phones or other devices with geolocation and even through cameras and other sensors that observe the public realm. While these principles were written with shared mobility services in mind, many of them will be applicable in other contexts in which data arising out of individual movement is collected and analyzed. We encourage any organization working with this type of data to adapt and apply these principles in their specific context.

While not all mobility data may present a privacy risk to individuals, all stakeholders managing mobility data should treat it as personal information that is sensitive, unless it can be demonstrated that it doesn’t present a privacy risk to individuals.


How Were the Principles Created?

These principles were developed through a collaboration organized by the New Urban Mobility (NUMO) alliance, the North American Bikeshare & Scootershare Association (NABSA) and the Open Mobility Foundation (OMF) in 2020. These groups convened a diverse set of stakeholders representing cities, mobility service providers, technology companies, privacy advocates and academia. Over the course of many months, this group heard from privacy experts, discussed key topics related to data privacy and identified core ideas and common themes to serve as a basis for these Principles.

The result is a statement of values and priorities that is intended to guide the mobility ecosystem based on the following foundational values:

  • The collection and use of mobility data has the potential to benefit society, for example, by enabling shared mobility services and helping public agencies with city planning and management.

  • Highly personal and sensitive information can be derived from mobility data.

  • Individual trip records and geolocation data are sensitive and can be personally identifying information.

  • People should not have to choose between using essential mobility services and maintaining their privacy, especially those from marginalized communities and others who may have limited mobility options.

  • Organizations that collect, process, retain/store, share and/or sell mobility data have a unique responsibility to act ethically and with accountability in their handling of mobility data.

The Principles debuted at the 2021 NABSA Conference, Rolling With It: Empowering Shared Micromobility.


What Does It Mean to Endorse the Principles?

Organizations that formally endorse the principles are committing to work in good faith to put them into practice. As statements of intent, the principles represent the shared aspiration for a mobility ecosystem — public-sector, private-sector and non-profit — that serves the public interest and protects fundamental rights. The "in practice" examples included with the principles are not a prescriptive list, but rather are intended to provide guidance and inspiration when implementing the principles. By endorsing these principles, organizations commit to the ongoing work of translating these shared values into practices appropriate for their context and circumstance.


How Can My Organization Endorse the Principles?

We’re thrilled to hear your organization is interested in endorsing the principles! It’s easy to sign on using this form here. Make sure to select that you’d like to be listed as an “Endorsing Organization.” Verify you’ve read the MoU, upload your logo and you’re all set.


How Can My Organization Engage with the Principles?

While there is no prescriptive way to engage with the principles, here are some examples:

  • Publicly support these principles as a way to show that you care about privacy in your mobility data work.

  • Use the principles to inform your own policies and practices.

  • Have a conversation with your staff, partners and clients on any or all of these principles to educate them and understand their points of view.

  • Share examples and case studies of where one or more of these principles are being applied and what you’ve learned.

  • Share your thoughts on social media using the hashtag #MobilityPrivacyPrinciples and engage in discussions with our community of individuals working to improve mobility data practices.


Term Definitions

Anonymized (Data): Data resulting from a process that removes the association between the identifying dataset and the data subject (source).

Community: A social group of any size whose members reside in a specific locality, share government and often have a common cultural and historical heritage (source).

Community Engagement: The process of working collaboratively with groups of people who are affiliated by geographic proximity, special interest, or similar situations to address issues affecting the wellbeing of those people to create social license and legitimacy and build public trust.

Data Aggregation: The process of gathering data and presenting it in a summarized format, especially before storing or releasing mobility data. Aggregation should be based on population density and land use characteristics to create a general picture without identifying a specific building or person (source).
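As an added illustration of this definition (example code written for this page, not from NUMO, NABSA or OMF), the snippet below summarizes constructed trip-start coordinates into grid cells and publishes coarser cells where density is low, so that no released count points at a single building. The grid sizes, the minimum-count threshold and the two-level coarsening are assumptions chosen for the example, not part of the Principles.

```python
import math
from collections import Counter

# Constructed sample trip-start coordinates (lat, lon); not real data.
TRIPS = [
    (45.5201, -122.6701), (45.5212, -122.6745), (45.5234, -122.6712),
    (45.5250, -122.6790), (45.5298, -122.6733),   # five starts in one dense fine cell
    (45.5310, -122.6601), (45.5325, -122.6650),   # two starts in a sparser fine cell
    (45.5450, -122.6620),                          # a lone start that would pin one address
    (45.6010, -122.5501),                          # an isolated start far from the others
]


def cell_of(lat, lon, size):
    """Snap a coordinate to integer grid indices for a cell of `size` degrees."""
    return (math.floor(lat / size), math.floor(lon / size))


def aggregate_trip_starts(trips, fine=0.01, coarse=0.05, min_count=3):
    """Release per-cell counts, coarsening low-density areas instead of exposing them.

    Returns (released, suppressed): `released` maps (cell_size, cell) -> count, and
    `suppressed` is the number of starts that met the threshold at neither resolution.
    Assumed policy: a cell is published only if it holds at least `min_count` starts.
    """
    fine_counts = Counter(cell_of(lat, lon, fine) for lat, lon in trips)
    released = {}
    leftovers = []  # starts whose fine cell is too sparse to publish on its own
    for lat, lon in trips:
        cell = cell_of(lat, lon, fine)
        if fine_counts[cell] >= min_count:
            released[(fine, cell)] = fine_counts[cell]
        else:
            leftovers.append((lat, lon))

    # Low-density areas: try again at the coarser grid before giving up.
    coarse_counts = Counter(cell_of(lat, lon, coarse) for lat, lon in leftovers)
    suppressed = 0
    for cell, n in coarse_counts.items():
        if n >= min_count:
            released[(coarse, cell)] = n
        else:
            suppressed += n  # still identifying at coarse resolution: withhold
    return released, suppressed


if __name__ == "__main__":
    released, suppressed = aggregate_trip_starts(TRIPS)
    for (size, cell), n in sorted(released.items()):
        print(f"cell {cell} at {size} deg: {n} trip starts")
    print(f"withheld: {suppressed}")
```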

Data Minimization: The collection and use of mobility data should be adequate, relevant and limited to what is necessary in relation to the purpose or objective for which the data is processed (source).

Data Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (source).

Fairness: In general, fairness means that you should only collect and process personal data in ways that people would reasonably expect and not use it in ways that have unjustified adverse effects on them. If anyone is deceived or misled when the personal data is obtained, then this is unlikely to be fair (source).

Marginalized Communities: Communities that experience discrimination and exclusion because of unequal power relationships across economic, political, social and cultural dimensions (source).

Mobility Data: All user and user-related information connected to an activity, event, or transaction generated by either the operator or user of a digitally-enabled mobility vehicle or service (source).

Personal Information: Any information relating to an identified or identifiable natural person (source).

Note: “Personal information,” “personal data” and “personally identifiable information” may be defined differently by scientific and legal communities and may differ by jurisdiction. For example, NIST uses “personal information” to mean information from individuals, and “identifying information” is used to denote information that identifies individuals (source).

Privacy Notice: A privacy notice is a way for organizations to fulfill legal transparency requirements and to inform individuals about the collection and use of their personal data (source). Privacy notices should be concise, transparent, intelligible, easily accessible and must use clear and plain language (source 1, 2). Specific approaches to effective notice include (source):

  • A layered notice is helpful when a full privacy notice may be long and complex. Organizations can layer their notices by producing both a condensed notice (with key highlights up front) and a longer, complete notice with all of the legal requirements.

  • A contextual notice allows organizations to highlight any purposes or uses of data that would not be obvious to the individual or reasonably expected based on the context.

  • A “just-in-time” notice is a notice that appears at the time an individual accesses a feature (such as before sharing precise location data or contact information with a mobile app), instead of only at the time they sign up for the service. The notice has relevant and focused privacy information delivered at the time mobility data is collected.

Re-identification: The general term for any process that restores the association between a set of de-identified data and the data subject (source).

Note: Re-identification is not the only mode of failure of de-identification techniques, as information about individuals can be inferred from their data, even without restoring an association between a data subject and the de-identified data (source).