In conversation with Charlotte Le Roux, senior associate

Living Mobility is Objective and that is reflected in how data is critical to developing future mobility solutions. The mobility and transportation industry has grown increasingly reliant on data, and more importantly, on data sharing. Shared data facilitates service quality and intermodal options. Commoditizing mobility data presents can also provide another revenue stream and the potential for additional privacy issues. Data is essential to Mobility as a Service (MaaS), as sharing and reusing of data collected by a wide range of actors, including both public and private entities, is needed to optimize service quality. Charlotte Le Roux discusses the challenges and opportunities surrounding concerning data sharing.

What is MaaS? What is required to make MaaS efficient and attractive to consumers and even to public transportation authorities?

Le Roux: MaaS, Mobility as a Service, is a usercentric digital solution that aims to enhance the value of shared public and private transport modes by improving the mobility experience through personalization. It also aims at optimizing operations to control costs and improve access for all. Mobility in this context includes a range of services much broader than just public transportation to include services such as carpooling, car-sharing and self-service scooters.

The public sector already has a significant amount of data that is generally already easily accessible about use of public transportation, but private sector data is not yet well integrated and is increasingly important for understanding transportation options.

The very first requirement to make MaaS efficient and truly useful is the common sharing, by both public and private entities, of relevant data in a single place (a platform) and in a format allowing interoperability. This interoperability is what makes the data useful in optimizing service provision for consumers and planning capacity by both the public and private sectors. In France, the National Access Point for Transportation Data was created by the French Mobility Law with the ambition of gathering data on the entire mobility system on a national basis.

The next stage in advancing the system is to permit the use of that data by entities that did not initially collected it.

Are private companies reluctant to share their data? If so, are there safeguards to encourage them to do so in a way to benefit the entire transportation system?

Le Roux: Companies data sets are valuable assets that require considerable investment to create and keep up-to-date. From a purely business perspective private entities unwillingness to share a valuable asset is understandable especially when one considers additional legal obligations and risks associated with data sharing. Those legal issues are particularly nuanced. Data "ownership" rights result from a sum of different rights and obligations such as intellectual property rights, contractual rights, confidentiality requirements, business secrecy concerns, and various regulatory requirements that vary by jurisdiction and type of data. An additional complication is found in technical security measures needed to protect the access to data from inappropriate use or hacking. Taken together, these various factors create an overall picture of what level of ownership control and rights a stakeholder has over its data.

Given that context, data sharing is mainly governed by user licence agreement. There are several models for those agreements and a few common concerns. Is data sharing free or with royalties. If royalties are involved, the price matters because if it is excessive, smaller companies may not be able to contribute and benefit from it, from the arrangement to the detriment of the entire system. Does the arrangement require reciprocity so that a party that benefits from the collective database also has an obligation to share the data it collects and thus enhance the database and its utility to all.

How will data sharing benefit both the public and private sectors so that consumers -- the traveling public -- have a better mobility system?

Le Roux: We have excellent examples of where data sharing and cooperation between different actors is proving fruitful. In Sweden and Norway, Volvo has joined a public-private partnership in a cloud-based connected safety service to which it provides real-time data from its connected safety technologies. This service gets information on a range of things including such specific items as where a hazard light has been spotted or slippery road conditions.

Sharing data also facilitates innovation, and broader use of those innovations in turn allows system wide benefits. Mapping applications are a good example. Only a few big companies, mostly tech companies, had the means to map the world and those mapping services where offered with restrictions on use parameters. In response collaborative projects based on open data sets have been developed to meet the needs of other stakeholders. Projects like OpenStreetMap rely on crowdsourced data which is then made available under an Open Database License.

Public data provides another opportunity. Public authorities often have the obligation to share their data either due to requirements at a national or European level, but they rarely have the financial means to utilize that data effectively. For instance, hyperscale capex spending on data centres reached an historic high of over $120 billion in 2019. While these are sums spent by the world's biggest tech companies, it demonstrates the significant cost of data storage. Beyond storage costs, public bodies probably lack of expertise and human resources to develop and exploit shared mobility services. Given the relative advantages of the private and public sectors, cooperation is an obvious route for improving the capacity of the entire transportation system.

What legal actions are companies using to advance MaaS?

Le Roux: To create value from many data sources, mobility companies are developing strong data governance strategies. The first step in doing this properly means fully accounting for the various rules governing the safety and security of their services, the end users themselves and the data about those end users. Of course, privacy rules are another important factor.

Other legal considerations include competition issues on data usage and data sharing as well as a myriad of commercial and contractual issues about who can use the data.

Privacy rules are particularly stringent in the EU. How might the industry balance meet those requirements and have robust MaaS offerings?

Le Roux: In the context of MaaS, personal data are likely to be shared in order to deliver a personalised service. New Data Protection Acts are being unveiled in many countries and new rules always have a certain amount of uncertainty. At the level of the European Union, the GDPR has been enforced for almost three years now so actors have thus reached a certain degree of maturity and awareness regarding their obligations under the GDPR.

Compliance with the minimization principle requires care because it is tempting to collect a wide range of data to enable future innovation, but such wide collection would not be compliant with this core principle. This requirement also means deep awareness of what one actually collects as sometimes systems actually collect or store more data than many realize or plan for.

Furthermore, in some cases, there is absolutely no need to communicate personally identifying data to ensure the quality of the mobility service. In those contexts, data could be anonymized and not hurt functional capacity. The position of European data protection authorities, however, makes implementing the anonymization process extremely demanding.

Finally, MaaS logically requires a large degree of access to geolocation data. However, users of those services largely understand the necessity to share their location while moving so they are used to this type of data sharing. Still, compliance with privacy rules requires transparency about what is collected and how it is used and then appropriately safeguarding this data to make sure it is not reused for other purposes.