Municipality to monitor privacy of shared bicycle users

In 2018, the Municipality of Delft started a pilot with the shared bicycle service Mobike. Since then, the number of shared vehicles in Delft has risen sharply. Apart from the orange Mobike bicycles, there are now the green Felyx and GoSharing scooters. At present, all Mobike bicycles have been withdrawn because of corona.

Criticism
In December 2019, the Mayor and Municipal Executive evaluated the pilot positively, saying that the increasing use of Mobike bicycle users shows the need for shared mobility.

But there was criticism too as the bicycles cause problems in the city. Since the pilot started, the Municipality has received dozens of complaints about Mobike bicycles that have been abandoned, parked in wrong places or that cause an obstruction.

Permit
To gain more control about the availability of shared vehicles, the Municipality is working on a permit system that will take effect in mid-2021. This will help it oversee the range on offer and the quality of the suppliers.

However, just monitoring the digital environment is not enough says Stip, one of the City Council parties. They want the privacy of users to be better protected. “Users have to use a platform,” explains Council member Marcel Harinck, “on which they share personal information such as their name, location and bank details. We want to make sure that the digital security of these users is safeguarded.”

Rightly so as less than a year ago, the investigation platform Follow the Money (in Dutch) proved that personal data, among which that of Mobike users, was saved in Tencent’s – Chinese Amazon – cloud. And that is not permitted as saving and processing of personal data outside the European Economic Area contravenes the privacy law.

Data plan
This is the reason that his party submitted a motion that would better protect users. Is this really necessary? Harinck thinks it is. “Thanks to the General Data Protection Regulation (GDPR) – the European privacy law – personal data is protected. But the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), the body that checks whether companies comply with the GDPR, does not have the capacity to check every single company and institution. They therefore primarily look at large organisations, and the Municipality of Delft is not top of the list.”

The motion that Stip submitted, with the backing of the D66, GroenLinks, Onafhankelijk Delft, ChristenUnie and CDA political parties, is the responsibility of the suppliers themselves. Harinck says that “We are requiring suppliers to draft a data plan in writing in which they explain how they handle users’ data in a responsible fashion.” The motion was approved by Alderman Martina Huijsmans. Drawing up the permit plan will take about one year.