News
NEW
Cityscoot and the Cnil
Cityscoot and the CNIL

Published March 29, 2023
by Melissa Walehiane

min read

Summary

    The CNIL has just condemned the self-service electric scooter rental company Cityscoot to a 125,000 euros fine for failing to comply with the GDPR.

    Indeed, the scooters are equipped with electronic boxes including a SIM card and a GPS geolocation system. These boxes collect position data from the scooters every 30 seconds when they are active. When they are not running, this collection takes place every 15 minutes. This data feeds a database specific to the scooter including GPS position, battery status, seat sensors, etc. The rental company has two other databases on reservation and customer data. 

    Given these facts, the french Data Protection Authority (the CNIL) considers that the data can be cross-checked with others, particularly through the reservation number present in each of the databases, by having an extended and simultaneous access to the databases.

    However, Cityscoot is contesting its 125.000€ fine.

    "The Cnil questions the functioning of our service in an unfounded way. We are thinking of challenging this decision before the Council of State"
    - Cityscoot in Le monde

    The company believes that the CNIL did not consider every aspect of the case. Cityscoot claims that it does not collect geo-location data in a disproportionate manner. "On the contrary, we collect it for specific purposes, and only in limited cases because Cityscoot needs it to provide its service and manage its fleet of scooters," the company explains

    This geo-location data allows the reimbursement of unused minutes. 

    "When a user calls us to tell us that he has not properly terminated his rental, and asks us to reimburse the minutes during which he has not used the scooter, we need to check how long the scooter has been stationary in order to calculate the amount to be reimbursed,"
    - Cityscoot in La Revue du Digital

    In addition, Cityscoot wants to emphasize that it has put in place necessary privacy protection measures. The company cites the fact that the scooters' position data is kept in a separate database from the user data. "The CNIL itself recognizes that this is a 'privacy by design' choice of computer architecture,".

    What is your opinion about this case? To discuss, head to our community:

    Continue the conversation in the Yes We Trust community

    Related Articles
    Our freshest data privacy content for you
    • News

    California Toughens Law Enforcement | Yes We Trust

    March 15, 2023 by Melissa Walehiane

    Read Article

    • News

    The United Kingdom introduces a draft reform of its data protection law | Yes We Trust

    March 20, 2023 by Melissa Walehiane

    Read Article

    • News

    Court Decisions Strengthen Illinois Privacy Law | Yes We Trust

    March 9, 2023 by Melissa Walehiane

    Read Article

    • News

    OpenAI will propose corrective measures regarding ChatGPT ban in Italy | Yes We Trust

    April 14, 2023 by Melissa Walehiane

    OpenAI will propose corrective measures regarding ChatGPT ban in Italy

    Read Article

    • News

    MEPs are concerned about the proposed EU-US data transfer agreement | Yes We Trust

    April 19, 2023 by Melissa Walehiane

    Read Article

    • News

    California pushes back CPRA enforcement to March 2024 | Yes We Trust

    July 4, 2023 by Yes We Trust

    California pushes back CPRA enforcement to March 2024

    Read Article