Data Privacy

Access to user data will be integral for the proper introduction and continued use of E-scooters in each city. A successful integration of this technology lies in carefully demarcating the disclosure and limits of user data. There must be a continuous working relationship between E-scooter mobility companies, cities where they are introduced, and most importantly the users. Where does the need for their data come from and why is it so important?

Most E-scooter operators provide users with a notice in their privacy agreement that there may be instances when operators are compelled to share certain information. Although the language for each company varies slightly, it reads similarly to the following clause:

Legal Compliance and Protection of Rights. We may also use or disclose information if required to do so by law or in the good-faith belief that such action is necessary to (a) conform to applicable law or comply with legal process served on us or the Services; (b) establish, protect and defend our rights or property, the Services or our users, including to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use, Rental Agreement, other agreements or policies, or as evidence in litigation in which we are involved; and (c) act under emergency circumstances to protect the personal safety of us, our affiliates, agents, or users of the Services or the public. This includes exchanging information with other companies and organizations for fraud protection.

What Data Is Being Collected?

A pressing issue at the forefront of E-scooter users’ minds is what kind of information will actually be given to cities and law enforcement agencies when it comes to their partnerships with the operators. Operators should continue requiring search warrants from cities for any inquiries regarding personalized data. While general data sharing may be encouraged, there is potential for abuse. However, to ensure that users feel comfortable with what operators will disclose about them, it would be prudent of law enforcement agencies to be as detailed as possible in their warrant drafting when seeking data that is capable of revealing more than general trip and usage information.

That being said, users may feel more inclined to continue using E-scooters, as well as comply with law enforcement, if they were assured by respective cities that, when drafting warrants, they will only request what is necessary to carry out a thorough investigation. Essentially, this means that cities would guarantee users and companies that they will only request data pertaining to time, location, and trip information while refraining from asking for any unnecessary demographic information that only companies have been granted access to.

How Will This Data Be Used?

Generally speaking, personalized user data will be used for cities to determine how many scooters will be released and precisely in what areas they should be used. Once cities have successfully integrated scooters, cities will likely collect data that is less identifiable of users but will still continue to monitor general demographic and trip information. When registering to use an E-scooter, customers are made aware of the company’s policies regarding GPS tracking of users and where E-scooters are left after each use. What is of great concern to users is who else will be granted access to their data when companies are obligated to share user data with law enforcement agencies, for example.

In writing about best research practices and data collection, the University of Virginia states that as long as one can prove that data will be secure, those storing it have the right to maintain it indefinitely. Because E-scooters are still a developing technology, what has not been officially determined is the amount of time and at what intervals it is appropriate for cities to retain user data. Another important factor that cities and operators must take into account is whether some cities have suffered a hack in the past and how likely it is to happen again.

In the case of law enforcement compliance, any data that runs the risk of becoming public is that which agencies request in search warrants, which are also public. If an arrest is made, any data that was acquired as a result of that warrant is difficult to find in public records. Therefore, it would benefit municipalities to ensure that user data requested in a warrant will be particularly protected in cases of a search.

Why Is This Data Being Shared?

By having cities provide transparency and delineation for practices moving forward in implementing scooters (or not), what is most important is that people actually ride them. Even in instances when scooters have been introduced in some cities and later banned, those same cities still required users in order to acquire user data. The more people feel inclined to ride these scooters, the more information cities will be equipped with in order to better mold policies for safety and enforcement according to their individual needs. Cities depend on E-scooter operators collaborating with them in order to determine optimal uses of E-scooters. Conversely, operators also depend on cooperation from cities when introducing this developing technology across the country. Most importantly, users should feel protected by both the companies and cities in considering whether to introduce dockless mobility.

Beginning in 1986, the Electronic Communications Privacy Act gave rise to what are called “secret subpoenas.” What made them secretive is that companies that were asked for records through a warrant were also prohibited from disclosing any information regarding that warrant in an effort to allow for more efficient investigations relating to national security. The provision was further revamped with a broader scope through Title V of the PATRIOT Act. In an effort to bolster confidence among their users, some companies have adopted a warrant canary strategy. In essence, what some companies now do in an effort to provide customers with some transparency is alert users that a law enforcement agency has not issued any warrants pertaining to any particular user. Because companies are sometimes prohibited from disclosing such warrants, the fact that a user has not received such notice alerts them that there may have been a warrant relating to their data.

Suggested Agreement Language Pertaining to User Data

For a company to offer E-scooters for commercial purposes in [City], the company owning or offering E-scooters must obtain a permit. A company must certify to the City that all E-scooters have met all applicable certifications and operating requirements. A failure to comply with applicable codes, laws, and permit conditions may be subject to penalty or revocation of the permit.

General Permit Requirements

  1. The City will not issue a permit for the operation of a Shared Scooter unless:
    1. The Applicant has submitted a data breach history report including the date, location, and type of data accessed during the time the Applicant has offered Shared Scooters.
  2. The Applicant’s ability to satisfy the criteria for a permit does not create an automatic right to a permit.

Disclosures

  1. The Permittee shall notify the City and all required Users of a known data security breach.
  2. The data collected by the City will be, except as otherwise required by law or aggregated, kept confidential by the City.
  3. If disclosure of such data is required by law, the City will provide Permittees notice prior to any disclosure of such data so that they may take appropriate legal action.
  4. Upon request, the Permittees shall provide data identified by the Director to verify compliance with requirements pursuant to this Rule.
  5. Permittees shall submit to compliance audits and enforcement actions upon request by the Director or any authorized City personnel or law enforcement officers.
  6. Permittees must disclose to the User that anonymized data listed will be shared with the City. Disclosure may be further enumerated in the data sharing agreement.
  7. Permittees are required to incorporate interactive safety messaging, such as frequent messaging on the User application, about sidewalk-riding prohibitions.
  8. Unless otherwise provided, a failure to comply with any provision of this Section is a violation and may subject the permit to suspension or revocation.

The City may revoke or suspend a permit, effective immediately, at the reasonable discretion of the City if the Permittee sells or shares confidential and individual User data without User consent.