After privacy advocates raised concerns about Los Angeles’s lack of rider protections, the city’s department of transportation (LADOT) issued a set of MDS data handling principles in April 2019. In response, the non-profit Electronic Frontier Foundation stated, “While the high level principles are a good preliminary step, they are a far cry from actual data protection policies.” For example, LADOT did not delineate how it will use, share, store, secure, or de-identify data, nor did its principles include any retention limits or deletion requirements.

LADOT has said that MDS data will be classified as sensitive and confidential, which means ride information will not be published online or subject to public records requests. But there are few protections in place keeping those with access to MDS data from abusing the system by say, stalking an estranged spouse. Even if city employees acted with the soundest moral code, there is no foolproof way to keep MDS data from falling into the hands of bad actors. In truth, sensitive information can easily be transferred or leaked, as witnessed by the parade of publicly reported municipal data breaches.

Unfortunately, cities with even less technical capacity and expertise than Los Angeles are following LADOT’s lead. And many of them have done little if anything to communicate with individual riders about MDS data collection and security practices.