Your Privacy Hub

Yes We Trust moves to Didomi

We are excited to share that going forward, Yes We Trust content will be incorporated into Didomi, where we will continue to post relevant, educational content that helps you make sense of data privacy today, including out flagship newsletter and opinion pieces. Thank you for your continued support and see you there!

    • company-news
    • industry-news

    Published on March 29, 2023 last updated on April 13, 2023

    Cityscoot and the Cnil

    The CNIL has just condemned the self-service electric scooter rental company Cityscoot to a 125,000 euros fine for failing to comply with the GDPR.

    Indeed, the scooters are equipped with electronic boxes including a SIM card and a GPS geolocation system. These boxes collect position data from the scooters every 30 seconds when they are active. When they are not running, this collection takes place every 15 minutes. This data feeds a database specific to the scooter including GPS position, battery status, seat sensors, etc. The rental company has two other databases on reservation and customer data. 

    Given these facts, the french Data Protection Authority (the CNIL) considers that the data can be cross-checked with others, particularly through the reservation number present in each of the databases, by having an extended and simultaneous access to the databases.

    However, Cityscoot is contesting its 125.000€ fine.

    "The Cnil questions the functioning of our service in an unfounded way. We are thinking of challenging this decision before the Council of State"
    - Cityscoot in Le monde

    The company believes that the CNIL did not consider every aspect of the case. Cityscoot claims that it does not collect geo-location data in a disproportionate manner. "On the contrary, we collect it for specific purposes, and only in limited cases because Cityscoot needs it to provide its service and manage its fleet of scooters," the company explains

    This geo-location data allows the reimbursement of unused minutes. 

    "When a user calls us to tell us that he has not properly terminated his rental, and asks us to reimburse the minutes during which he has not used the scooter, we need to check how long the scooter has been stationary in order to calculate the amount to be reimbursed,"
    - Cityscoot in La Revue du Digital

    In addition, Cityscoot wants to emphasize that it has put in place necessary privacy protection measures. The company cites the fact that the scooters' position data is kept in a separate database from the user data. "The CNIL itself recognizes that this is a 'privacy by design' choice of computer architecture,".

    What is your opinion about this case? To discuss, head to our community:

    Continue the conversation in the Yes We Trust community

    avatar Melissa Walehiane

    Melissa Walehiane

    Content writer at Didomi