Navigation on this site is not optimized for your browser

Please use a recent version of Google Chrome, Mozilla Firefox, Safari or Microsoft Edge to get the most out of the experience.

Find a modern browser
Hero picture

Blog: Mobility Data: Opening Doors to Possibility and Privacy Risk

  • Asia-Pacific
  • Data
  • European legislation
  • Future of Mobility
  • Regulations
  • Risk analysis

First Things First – Definition of Mobility Data (by NACTO)

The term “mobility data” describes information generated by activity, events, or transactions using digitally-enabled mobility devices or services. This data is frequently recorded as a series of points with latitude and longitude collected at regular intervals by devices such as smartphones, shared micromobility vehicles (shared bikes, e-bikes, scooters etc), on-board vehicle computers, or app-based navigation systems (e.g. Waze, GoogleMaps etc). Mobility data often has a temporal element, assigning time as well as location to each point. Depending on the device used to capture the data, other characteristics, such as the speed of travel, or who is making the trip, can be connected to each individual latitude/longitude point.

Mobility Data

Trite as it may sound, smartphones have ushered in a new era for the modern world – particularly when it comes to transportation. This ubiquitous device has brought about fundamental shifts to how we get around (think ride-hailing services, always-on-hand navigation, and the rise of the ubiquitous e-scooter). Yet for all the transportation innovations smartphones have made possible, they’ve also opened the door to a set of new challenges. The same ride-hailing and shared micromobility companies that represent transportation’s bright future also expose us to a new set of risks, chiefly that of jeopardizedpersonal privacy.

The mobility data generated by smartphones is powerful because it is granular and location-specific. These characteristics create datasets that can help cities answer challenging and specific questions, leading them to craft more informed policies in pursuit of positive public outcomes. But these granular and location-specific data points also raise privacy concerns.

Mobility data poses risks for the same reasons it is powerful: it can easily become personally identifiable information (PII), even when anonymized and scrubbed of unique personal information. In the same way social security numbers or credit cards can be linked to a specific individual, in the hands of a savvy person, mobility data can be used to trace someone’s identity. A 2013 Scientific Report article  found that, in a dataset of 1.5 million people compiled over 6 months, over 95% of study individuals could be uniquely identified using only four location points triangulated from cellphone towers.

We’re in a threshold moment with mobility data; smartphones and the services they make possible are anchored in our daily lives, yet the legal and policy frameworks that regulate them haven’t caught up. NACTO and the International Municipal Lawyers Association recently released Managing Mobility Data  to assist cities and companies as they bring these frameworks more in line with our new reality. This policy document outlines principles to inform best practices for sharing, protecting, and managing mobility data. The guidelines are intended to serve as a resource for both the public and private sectors as both establish frameworks that balance the promise of mobility data with the responsibility to protect individual privacy.

Managing Mobility Data

Managing Mobility Data defines four principles for responsibly managing mobility data that help strike this balance:

It is a fundamental responsibility of cities to ensure safe passage on the public right-of-way. In the digital age, effectively managing city streets includes reconciling what may, at face value, seem like competing ends: Utilizing mobility data to develop good public policy while also protecting individual privacy. These forces need not be mutually exclusive, though. With the right guidelines, access to data and personal privacy can intersect, rather than exist on opposing parallel tracks.

Take the General Data Protection Regulation (GDPR), the European Union’s data privacy regulation. This law aims to protect EU citizens by regulating the circumstances under which private companies can collect personal information, and how all personal data is processed, stored, and exchanged between parties. The GDPR is an example of a government taking a proactive approach to protect the privacy of its citizens while also enabling companies to operate.

Yet even with regulations like the GDPR, how governments develop appropriate regulations for mobility data is an emerging policy area without established best practices. Managing Mobility Data presents a set of recommendations for cities and private companies to refer to when developing uniform and accountable data management standards. Although smartphones may be ubiquitous, we’re just beginning to grapple with the possibilities and challenges brought by the personal mobility data they collect.

The blog articles are the writers' opinions and do not necessarily represent UITP perspective or view.
exclusive resources
This website uses cookies

This website uses third-party website tracking technologies to give you the best experience, help us understand and continually improve how the site works, and to display advertisements according to users' interests. You consent to the use of our cookies by continuing to browse this website.

Cookies page
  • Essentials Essentials

    Those cookies are essentials to the functioning of the site and cannot be disabled in our systems. They are generally set as a response to actions you take that constitute a request for services, such as setting your privacy preferences, logging in, or filling out forms. You can set your browser to block or be notified of these cookies, but some parts of the website may be affected. These cookies do not store any personally identifying information.


    Cloudflare uses various cookies to maximize network resources, manage traffic, and protect our customers’ sites from malicious traffic.


    Cookie that remembers the user’s cookie settings preferences. It allows to avoid asking the user about their preferences each time they visit the website.

  • Performance

    This Google Analytics cookie is used to persist session state. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic anonymously.


    This Google Analytics cookie is created when you first visit our site. It contains the version of Google Analytics, a randomly generated ID and a datetime group of your first visit. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic anonymously.

    _ga_(STREAM ID)

    This Google Analytics cookie is used to persist session state. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic anonymously.

This website uses cookies

We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.