Understanding the Data in MDS
MDS includes information about the status of vehicles, their location, and where they are going. While MDS does not convey personal information about the users of shared mobility services, data collected about mobility can be sensitive. Therefore, MDS users should treat this data as potentially sensitive and carefully consider and manage risk throughout the lifecycle of any MDS implementation. To learn more about best practices for privacy, please see the MDS Privacy Guide for Cities.
To further assist with the assessment and management of risk, this document contains lists of potentially sensitive data and fields within MDS APIs and endpoints, based on the latest MDS 1.2.0 release.
Because MDS is modular, a public agency could pick from a subset of these endpoints or fields based on their use cases, and not every agency will require every piece of MDS data. Of note in MDS is a new feature called Policy Requirements, which allows agencies, per their use cases, to clearly exclude any fields or data they do not want to receive via MDS.
This table lists common direct and indirect identifiers and whether they are included in MDS in any capacity. Note that this list is relevant to cities and governments using MDS, as mobility providers directly require some personally identifiable data for operations.
Not included in MDS, but data some providers and organizations may have access to outside of MDS:
- Social Security Number
- Tax ID Number
- Bank Account Information
- Insurance Information
- First or Last Name
- Home Address
- Work Address
- Cell Phone Number
- Email Address
- IP Address, Cookies, RFID tag
- Biometric Data
- Credit Card
- Drivers License Information
- Birthdate
- Sex/Gender Identity
- Race/Ethnicity
- Rider Height
- Rider Weight
- Income Level
- Internet Browsing History
- Mobile Phone GPS
- Trip Total Spending
- Rider Trip History
- Video or Audio
- Unique individual rider identification number (such as a customer ID)
Included in some MDS data fields:
Potentially Sensitive
- Vehicle or Device ID
- Vehicle Trip Origin/Destination
- Vehicle Trip Route
- Vehicle Parking Photographs
Not Sensitive
- Vehicle Trip Duration/Distance
- Vehicle Status/Properties
This table shows fields in MDS that could be combined with other external data to potentially re-identify a subset of individuals, broken down by the relevant MDS API and endpoint, and general data category. For each endpoint there are many more fields that do not contain potentially sensitive data; for simplicity, these fields are not listed here. Note that this list is relevant to cities and governments using MDS, as all mobility provider companies require directly identifiable personal data for operations.
Because some MDS data may be considered sensitive under specific circumstances, the OMF provides guidance on how to protect privacy in our MDS Privacy Guide for Cities.
MDS API & Endpoint | Potentially Personal / Total Fields | Potential Personal Field Names |
---|---|---|
Provider Trips | 4/18 fields | device_id, vehicle_id, route, parking_verification_url (optional) |
Provider Status Changes | 4/15 fields | device_id, vehicle_id, event_location, trip_id |
Provider Reports | */7 fields | Considered sensitive * |
Provider Events | 4/15 fields | device_id, vehicle_id, event_location, trip_id |
Provider Stops | 0/21 fields | --- |
Provider Vehicles | 4/12 fields | device_id, vehicle_id, last_event_location, current_location |
Agency Vehicles | 2/11 fields | device_id, vehicle_id |
Agency Vehicle Register | 2/7 fields | device_id, vehicle_id |
Agency Vehicle Update | 1/1 field | vehicle_id |
Agency Vehicle Event | 4/6 fields | device_id, vehicle_state, gps.lat, gps.lng |
Agency Vehicle Telemetry | 3/13 fields | device_id, gps.lat, gps.lng |
Agency Stops | 0/3 fields | --- |
Policy List | 0/27 fields | --- |
Policy Requirements | 0/24 fields | --- |
Geography List | 0/9 fields | --- |
Geography Detail | 0/9 fields | --- |
Jurisdiction List | 0/7 fields | --- |
Jurisdiction Query | 0/7 fields | --- |
Metrics Discovery | 0/7 fields | --- |
Metrics Query | */12 fields | Considered sensitive * |
\* This feature is currently in a public beta testing phase to gather operator and agency feedback. Whether this data is sensitive depends on the level of aggregation and a case-by-case analysis of whether the recipient of the data is likely to be able to extract information relating to single vehicles, e.g. through disaggregation and with external data sources. This endpoint contains only aggregate data counts, and k-anonymity is also used to remove low aggregate counts.
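One way an agency could apply the table above when storing or forwarding MDS records: a field-minimization filter that drops the flagged fields per endpoint, including nested names such as `gps.lat`. This is an added example, not code from the MDS specification or the OMF; the endpoint keys, function names and sample record are assumptions made for illustration, while the field names are taken from the table.

```python
import copy

# Potentially personal field names per endpoint, copied from the table above.
# The dictionary keys are hypothetical labels chosen for this example.
SENSITIVE_FIELDS = {
    "provider_trips": ["device_id", "vehicle_id", "route", "parking_verification_url"],
    "provider_status_changes": ["device_id", "vehicle_id", "event_location", "trip_id"],
    "provider_vehicles": ["device_id", "vehicle_id", "last_event_location", "current_location"],
    "agency_vehicle_event": ["device_id", "vehicle_state", "gps.lat", "gps.lng"],
    "agency_vehicle_telemetry": ["device_id", "gps.lat", "gps.lng"],
}


def _drop_path(obj, parts):
    """Delete a dotted path from a nested dict; return True if a value was removed."""
    if not isinstance(obj, dict) or parts[0] not in obj:
        return False
    if len(parts) == 1:
        del obj[parts[0]]
        return True
    child = obj[parts[0]]
    removed = _drop_path(child, parts[1:])
    if removed and child == {}:
        del obj[parts[0]]  # do not leave an empty container behind
    return removed


def minimize(endpoint, record):
    """Return (copy of record without flagged fields, fields removed in table order)."""
    if endpoint not in SENSITIVE_FIELDS:
        # Fail closed: never pass through a record we have no field list for.
        raise KeyError(f"no field list for endpoint {endpoint!r}")
    out = copy.deepcopy(record)  # the caller's record is left untouched
    removed = [f for f in SENSITIVE_FIELDS[endpoint] if _drop_path(out, f.split("."))]
    return out, removed


if __name__ == "__main__":
    # Constructed sample record, not real MDS data.
    sample = {
        "device_id": "constructed-0001",
        "timestamp": 1700000000000,
        "gps": {"lat": 34.05, "lng": -118.25, "speed": 3.2},
        "charge": 0.8,
    }
    cleaned, dropped = minimize("agency_vehicle_telemetry", sample)
    print(cleaned)
    print(dropped)
```

Logging the returned list of removed fields gives an audit trail of what was stripped from each record without retaining the values themselves.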