The city of Miami wanted to have the capability to track the real-time locations of every scooter rider across the city until Uber and Lyft pushed back against the section of an agreement, a letter obtained by WLRN shows.
In a proposed agreement to extend the scooter pilot program, the city inserted language requiring operators to provide Miami’s Department of Innovation and Technology with thorough data about how scooters are being used. One kind of data that would have been required was historic data. The second was listed as “active/current information.”
The requested real-time data “includes sensitive trip and rider location data, including precise GPS, timestamp, and route information for individual trips — data that can be used to easily re-identify riders (even when anonymized),” Uber and Lyft officials wrote to Miami City Manager Emilio Gonzalez in a joint letter.
“This data sharing standard has received significant concern from the legal and privacy communities,” noted the letter.
Gonzalez and other Miami officials did not respond to requests for comment.
This kind of data sharing, called “Mobility Data Specification”, was first developed by the transit department in Los Angeles, and its roll-out there led to a significant pushback.
The Center for Democracy and Technology, a privacy rights watchdog group, issued a sternly worded statement against the Los Angeles program.
“Location information is among the most sensitive data, especially when collected over extended periods of time. People’s movements from place to place can reveal sexual partners, religious activities, and health information,” the group wrote against the Los Angeles Department of Transportation’s move. “The U.S. Supreme Court has recognized a strong privacy interest in location data, holding that historical cell site location information is protected by the Fourth Amendment warrant requirement.”
The Electronic Frontier Foundation, another privacy rights watchdog group, wrote a letter to the California legislature expressing concern with the program. The California Legislative Council, in turn, issued an opinion stating that the program runs counter to state law.
California has long been at the forefront of data privacy regulations. Florida has long lagged behind on privacy regulations.
After Uber and Lyft brought up the issue of real-time data with the city of Miami, the proposed agreement was amended to remove that provision.
The revelation comes days after a controversial item was removed from the agenda for a Miami City Commission meeting after it drew protest from privacy advocates, including national security whistleblower Edward Snowden. The city was considering a 30-year deal that would allow a company to place light poles with flood censors, cameras and license plate readers in the Little Havana and Brickell neighborhoods, but included no provisions outlining what the company could do with the data it collected from residents. Commissioner Manolo Reyes, who sponsored the item, asked to defer it to November, in part over privacy concerns.
And as WLRN has previously reported, the Miami Parking Authority’s policy of pushing drivers to pay for parking exclusively through the PayByPhone app has also drawn alarms from activists. The company is owned by Volkswagen, and the contract with the city explicitly allows PayByPhone to sell user data to third parties.
As more cities strive to become “Smart Cities” — collecting and using resident data to make decisions — the more they need to create structural changes to help address those growing mountains of data, said Mike Katz-Lacabe, the director of research at the nonprofit watchdog group the Center for Human Rights and Privacy.
“What’s happening in Miami is a perfect example of why a privacy commission is needed,” Katz-Lacabe said.
Katz-Lacabe proposes that a kind of in-house watchdog position be created in the city of Miami that reviews potential agreements and contracts for privacy concerns before they come up to vote. The city of Oakland created an early version of one of these in 2014, and now it is fully integrated into the city government. Some other cities have followed.
“In most jurisdictions it’s common for projects to be approved with little to no discussion about the costs to residents’ privacy,” Katz-Lacabe said. “A privacy commission could bring up issues related to data concerns prior to an item making it to a full commission, and take measures to ensure that residents are protected while still allowing for projects to go forward.”
Earlier this year, for example, a similar issue about real-time scooter data came before the commission in Oakland. The privacy commission gave the city recommendations about how it could move forward with the project, while addressing data security and privacy issues.
The city is no longer looking to extend the pilot scooters program. Instead, it is now looking for a permanent company to work with. The details of that permanent program are expected to be released by the end of the year.