Data and mobility: a reminder of data regulations

Data management in mobility is a strategic issue. Information from users enables a better understanding of flows, areas and causes of insecurity, and behaviours, and thus makes it possible to improve the transport and service offer in order to promote multimodality. What regulations are in place to protect users and their data? A look back at the rules governing urban data.

Data gathering and urban mobility: an essential but controversial breakthrough

Data management in the mobility sector is a strategic issue. All the personal informations of users allow a better understanding of flows, areas and causes of insecurity, user behaviour, and thus makes it possible to improve the transport and service offer in order to promote multimodality.

Urban data is therefore an essential tool for developing predictive traffic management tools that improve urban mobility. Understanding, anticipating, improving, deploying, analysing, measuring environmental impact, creating value, making the city accessible to all… these are very strong challenges for cities. In order to create this type of algorithm, the technologies deployed obtain data which, if they do not comply with the regulations imposed on data, could infringe on personal freedoms and can be seen as intrusive, with users having the feeling they are being watched, located, tracked…

Smart Cities have a powerful mesh to produce data, with connected city dwellers, IoT, geolocation, High Speed broadband and soon Very High Speed with 5G… Beyond the scepticism of some users, the model is proving its worth: when one and the same application offers us the choice of different modes of transport according to our preferences, it is precisely thanks to this data that has been pooled. The digital tools used to improve the mobility offer nevertheless raise the question of the place and protection of the user as well as his or her privacy.

What is the balance between the general interest and the risk of loss of personal freedoms?

Data mobilité règlementation

GDPR and data protection: a few reminders

The term “data” means “any information relating to an identified or identifiable natural person” and is used for research, collection, storage, transmission or blocking.

In Europe, the collection and processing of data is strongly regulated by the General Data Protection Regulation (GDPR). In 2018, the regulation has been expanded to strengthen the rights of individuals. This regulation applies to all companies, organisations and associations, in all stages of data management. Sanctions are put in place for non-compliance and can be relatively severe (up to 4% of company turnover).

The GDPR is therefore committed to providing a variety of rights to individuals, among them:

  • Consent: Users must give their consent to the collection and processing of data.
  • The right of persons: The establishment of new rights, including the right of access to information by the user, the right to oblivion at the request of the user, companies will have a period of one month to delete his data or the right of opposition by which the user has the right to object to the processing of data concerning him.
  • Transparency: Companies must provide precise information on how their data is collected, used, stored, etc.
  • Accountability: The data controller must be able to prove that the regulations are being complied with.

For more details, you will find all the information on the CNIL website, with the steps to implement as a company to comply with the GDPR.

Mobility and regulations: what protections and uses?

At the time of collection, the company must consider whether it is in compliance with the principles of legal provision, user consent or legitimate business interest. The company should only collect data that is necessary for the pursuit of a purpose; this is the principle of data minimization.

EU Regulation 2017/1926 of 31 May 2017 requires each Member State to set up a single national access point (NAP) for data on all national mobility provision. It references all the mobility data needed to inform travellers in the territory. In France, the Loi d’Orientation des Mobilités (LOM) designates local authorities as responsible for making this data available on transport.data.gouv.fr and designates the Transport Regulatory Authority competent for disputes. Mobility organising authorities, transport operators and mobility service providers must make available on the same NAP the data on their services and networks that are necessary for passenger information.

Mobilité protection donnée

Connected vehicles, which are growing in the market, have an on-board system that allows them to collect and process data on vehicles, journeys and users. These data are used for services such as assistance, repair and maintenance, fleet management, etc. As car manufacturers have already implemented these systems, the principle of non-discrimination towards other players, able to compete with the manufacturers, has been established. Anonymisation of data must be applied when transmitting data, which is a guarantee of respect for individual freedoms. However, in certain cases, the data may allow a person to be identified, in particular in the detection of accidents when the vehicle transmits information to the emergency services. In this case, the LOM provides that the data collected may cross this barrier of anonymisation.

Personal data within Velco

Velco offers connected solutions based on the collection and analysis of vehicle, journeys and user data. All elements of the GDPR and LOM are applied from data collection to storage, which is also protected.

In full transparency, the privacy policy lists the data collected and their purpose: What data? How? Why? Where? By whom? For how long? The data is anonymised and stored separately, so it cannot be cross-referenced to obtain all the vehicle, route and identity data of a single user.

The data collected by Velco is data such as first and last name, date of birth or e-mail address of its users when they create an account, other data is also collected such as telephone number or postal address if provided spontaneously. Via Wink Bar, the connected handlebar application, the company has access to data concerning your connected vehicle. Velco collects this information in order to manage the contractual relationship with its customers, to communicate with you regarding your account, or to provide you with information regarding the application.

Smart mobility thanks to data

Even if users’ fears are present, data protection is numerous and strong, both at European and national level. Operators, manufacturers and mobility providers must apply the data regulations in effect in order to contribute to the smart evolution of the mobility offer.

The individual concession to participate in the identification of trends or precise data in the event of accidents seems a small sacrifice compared to the benefits that everyone can derive from it in their daily transportation.

As long as the mobility players comply with these regulations, it will therefore be a collective breakthrough for users, public organisations and professionals in the sector. The transformation of cities towards a greener, multimodal, secure and inclusive mobility will not be possible without the full exploitation of urban data.