Cities must be explicit about their intended use related to planning, analysis, oversight, and enforcement when requiring data from private mobility companies.

NACTO guidance emphasizes how good data management practice begins with being clear about what questions are being asked and what information is necessary to answer those questions.


Background (Show)

Lesson Learned

While being mindful about the purpose of their data requests, cities have legitimate concerns about the accuracy of data provided by mobility companies. To address this uncertainty, many cities have requested a broad range of data because companies have been unwilling to provide additional data as new relevant queries occur.

Mobility companies and third-party data companies also have the responsibility to be purposeful with the data they collect. In granting permits, contracts, or other regulatory agreements that allow operations in the public right-of-way, cities can ensure that mobility companies have user agreements or privacy policies that are explicit with customers about what data they will collect and how they will use it.

Cities should follow the following best practices to get the right data and to avoid capturing unnecessary data.
  • Be clear about what questions they are trying to answer and use those questions as a basis for data requests. Cities can reduce the likelihood of obtaining sensitive information by limiting what they collect to data that has a defined purpose. This, in turn, may limit liability for the protection, storage, and security of that data and reduce data management burdens.
  • Develop internal capacity to audit the data. Trained staff, capacity for spot checks, and data audit tools, such as verifiable data logs, can help cities ensure that the data they get is accurate and unedited without requesting excess information to verify it. Cities should preserve the right to commission third-party audits if they suspect dishonest or falsified data. When using third-party developed tools, cities should make sure they know their vendor and what their privacy policies are.
  • Ensure that their regulatory scheme and analysis tools allow them to retroactively request data should a new query or purpose develop.
  • Encourage and negotiate with mobility companies to update user agreements and request and receive consent for collecting and using personal information from their customers. For example, the EU's General Data Protection Regulation identifies what genuine consent could look like, including: consent should be opt-in, not default; users should be allowed to accept or reject terms individually; consent agreements should identify third parties who might have access to the data; and companies should not require consent as a precondition for service. Because United States and state law does not have such provisions, it may be beneficial to negotiate with mobility companies to achieve at least some of these goals.

Lesson Comments

No comments posted to date

Comment on this Lesson

To comment on this lesson, fill in the information below and click on submit. An asterisk (*) indicates a required field. Your name and email address, if provided, will not be posted, but are to contact you, if needed to clarify your comments.


NACTO Policy 2019: Managing Mobility Data

Published By: National Association of City Transportation Officials

Source Date: 04/01/2019

URL: https://nacto.org/wp-content/uploads/2019/05/NACTO_IMLA_Managing-Mobility-Data.pdf

Other Lessons From this Source

Lesson Contacts

Lesson Analyst:

Kathy Thompson


Average User Rating

1 (35 ratings)

Rate this Lesson

(click stars to rate)

Lesson ID: 2019-00905