How Posmo governs its data: our structure, processes, and guidelines
Posmo handles sensitive data and invites users to share their data with us. This is only possible because Posmo sets out to ensure a high standard of responsible conduct, set forth in our values, standards, and procedures in addition to technical measures. The ethics board drafts the governance documentation and oversees its implementation in our products and projects. The following blog posts shed light on the structure and guidelines that govern our work, and on how we implement procedures to ensure compliance.
At Posmo we collect and handle individual mobility data. Such data is personal and highly sensitive, as it allows detailed inferences about where individuals spend their time. The use of GPS data collected via mobile phones thus raises important privacy, data governance, and data ethics questions. Posmo aims to develop an ethical data stewardship framework for how to collect and use mobility data. It is important that all guidelines and procedures reflect Posmo’s main mission - to establish an ethical data market for mobility data.
In order to do this, we have set up the ethics board, which defines the guidelines and evaluates critical questions. The ethics board is the supervisory body of the cooperative, and its main objective is to protect the privacy and rights of the data producers and members of the cooperative. On behalf of the individual data subjects, the ethics board ensures that every use case with data from the Posmo data pool, and the organization behind it, is in line with our ethical foundation. The group is composed of individuals from various relevant backgrounds like data protection and IT security. As an independent body, the ethics board is free to decide and not influenced by any commercial or other considerations.
In its work, the ethics board strives to strike a balance between protecting the privacy and rights of the data producers and allowing for efficient use of shared data. This requires a critical evaluation, not just of submitted projects for data collection, but especially when data buyers request the sharing of collected data. To this end, Posmo's actions are governed by fundamental guiding principles and values of data ethics, such as Autonomy (Self-Determination) and Privacy, Transparency and Openness, Accountability and Trustworthiness, Beneficence and Cooperation, Non-discrimination and Diversity, Environmental Welfare, and Human well-being.
But how will we implement this in practice? After all, those points might sound easy to follow but are also quite abstract. That is why the ethics board is aligning Posmo’s values and standards with the procedures that take place as part of our operations. Posmo offers a variety of solutions to unleash the value of data in a privacy-friendly manner. Let’s look in more detail at our Tracking solution to exemplify how the values and standards break down into procedures.
When a customer of Posmo wants to start collecting and analyzing data, they propose a project to Posmo. The project specifies why they want to collect and analyze data, what kind of data they are looking for, and what they want to do with it. The customer, which is often an organization, can already start collecting data from subjects who belong to its organization, e.g., employees or research associates. However, before a project can be made public on the Posmo platform so that any data subjects can be invited to provide data, the ethics board has to approve the project. This is done through a qualitative check of whether:
- the customer is aligned with our values;
- the research intent is aligned with Posmo's purpose.
This first check is primarily intended to ensure that projects that are, by their very nature, counter to the mission of Posmo do not get approved. If a project is rejected, the customer has the opportunity to reframe the project to align it with Posmo’s values and purpose. To ensure that our project pipeline does not get bogged down in an endless cycle of rejections and resubmissions, customers are incentivized by a credit system.
Once a project is approved, customers can invite data subjects to start collecting data. At any point during the data collection period, the customer can submit requests to run analysis on the collected data. The analysis stage is where potential privacy risks are most likely to materialize; hence, the ethics board is involved again to approve the analysis requests.
The ethics board needs to ensure that the results of a requested analysis stay within the limits defined by Posmo. The main focus is on ensuring the anonymity of data subjects by only sharing data that is aggregated at a certain level. To give a clear example, if only one person has participated so far in the project, the data request would be rejected because the data would be too directly attributable to one person. However, most cases aren’t as clear-cut. To assess a request, the ethics board also takes into consideration whether additional data from external sources could be combined with the result, for example, for the profiling of individuals.
The ethics board can decide to approve or reject a request with comments so that a customer can modify the request and resubmit it. Many ethical concerns can already be addressed through technical measures, e.g., by removing personal data elements from the dataset that are unnecessary for the requested analysis. For both project and analysis approval, the ethics board uses a traffic light system. The president of the ethics board is the first to evaluate a project or analysis request, and based on the answers to the following aspects, he can take a decision alone or after consulting with the entire ethics board.
For the approval of a project, we look at:
For the approval of an analysis request and the consequent sharing of data, we look at:
To use an example, a civil engineering department wants to collect data on the usage of certain streets by cyclists to identify the usage peaks. They submit the corresponding project to Posmo, which is favorably evaluated by the president of the ethics board. The project description contains a clear privacy & security concept. As a public-sector body, the project organization also doesn’t raise reputational concerns. The project organization has created a separate website to inform the public openly and transparently about the project and its outcomes, and they have submitted a clear concept for data stewardship. The use case – optimizing existing biking infrastructure based on new insights into usage – can also be considered socially beneficial and in line with Posmo’s values.
After a couple of cyclists have entered their data, the civil engineering department might want to conduct a first analysis of the busiest routes on Friday evenings and will submit a corresponding analysis request to Posmo to be executed on our data. Running the analysis creates a dataset that is evaluated by the ethics board before it is shared with the project organization. The main concern here, as outlined above, is whether the data preserves a sufficient level of privacy, which is achieved by aggregating the data enough. For example, if the request is limited to analyzing a defined part of the overall bike lane infrastructure, a high level of aggregation and, thus, protection of individual privacy is guaranteed, and the data can be shared. If the request produces a dataset that allows for following the movements of one individual at a high resolution - e.g. from their home address to their place of work - this data would not be shared, and the ethics board would advise the project organization to reformulate the analysis request to produce a dataset of higher aggregation.
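The release gate described in the two passages above (a single participant is never shareable; a Friday-evening route analysis is shareable only at sufficient aggregation) can be made concrete as a minimum-contributors check on each aggregated cell. The following is an added example written for this post, not Posmo's own code. It assumes a constructed ride table of the form (contributor id, street segment, weekday, hour) and an assumed threshold of five distinct contributors per cell; the post itself only states that one contributor is too few, so the threshold is a placeholder a real board would set.

```python
from collections import defaultdict

# Constructed sample data (not Posmo data): one row per observed ride on a street
# segment, as (contributor_id, segment_id, weekday, hour_of_day).
SAMPLE_RIDES = [
    ("c01", "seg-A", "Fri", 18), ("c02", "seg-A", "Fri", 18),
    ("c03", "seg-A", "Fri", 19), ("c04", "seg-A", "Fri", 19),
    ("c05", "seg-A", "Fri", 19), ("c06", "seg-A", "Fri", 20),
    ("c01", "seg-B", "Fri", 18), ("c02", "seg-B", "Fri", 18),
    ("c03", "seg-B", "Fri", 19), ("c05", "seg-B", "Fri", 20),
    ("c07", "seg-B", "Fri", 20),
    ("c08", "seg-C", "Fri", 18),   # only one rider on seg-C: never shareable on its own
    ("c01", "seg-A", "Mon", 8),    # outside the requested Friday-evening window
]

# Assumed release threshold (placeholder): a cell is shared only if at least this
# many distinct contributors fall into it. The post only says that one is too few.
MIN_CONTRIBUTORS = 5


def friday_evening(ride):
    """Request scope from the post's example: Friday evenings, taken here as 17:00-20:59."""
    _, _, weekday, hour = ride
    return weekday == "Fri" and 17 <= hour <= 20


def count_contributors(rides, in_scope, cell_key):
    """Group in-scope rides into cells and return {cell: set of distinct contributor ids}.

    Counting distinct contributors rather than rides matters: one rider passing a
    segment ten times must not look like ten people.
    """
    cells = defaultdict(set)
    for ride in rides:
        if in_scope(ride):
            cells[cell_key(ride)].add(ride[0])
    return cells


def evaluate_request(rides, in_scope, cell_key, k=MIN_CONTRIBUTORS):
    """Release gate for an analysis request.

    Returns (decision, released, suppressed):
      released   -> {cell: number of distinct contributors} for cells with >= k contributors
      suppressed -> sorted list of cells withheld because they fall below k
      decision   -> "approve", "approve-with-suppression", or "reject" (nothing is
                    shareable; the requester should reformulate at a coarser level)
    """
    cells = count_contributors(rides, in_scope, cell_key)
    released = {cell: len(ids) for cell, ids in cells.items() if len(ids) >= k}
    suppressed = sorted(cell for cell, ids in cells.items() if len(ids) < k)
    if not released:
        return "reject", released, suppressed
    if suppressed:
        return "approve-with-suppression", released, suppressed
    return "approve", released, suppressed


# Three ways the same request could be phrased, from coarse to individual resolution.
def by_segment_evening(r):
    return (r[1], r[2], "evening")        # one cell per segment for the whole evening

def by_segment_hour(r):
    return (r[1], r[2], r[3])             # one cell per segment and hour

def by_rider(r):
    return (r[0], r[1], r[2], r[3])       # one cell per rider: effectively a trajectory


if __name__ == "__main__":
    for name, key in [("segment/evening", by_segment_evening),
                      ("segment/hour", by_segment_hour),
                      ("per rider", by_rider)]:
        decision, released, suppressed = evaluate_request(SAMPLE_RIDES, friday_evening, key)
        print(f"{name:16s} -> {decision}; released={released}; "
              f"suppressed={len(suppressed)} cells")
```

On the constructed data the segment-level evening request is approved with seg-C withheld, the hourly version yields no cell with enough contributors and is rejected, and the per-rider version is rejected outright, which mirrors the board advising the requester to aggregate more coarsely rather than releasing a partial, identifying result.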
Through technical measures, such as the implementation of anonymization techniques, as well as through our ethics board, we try to strike a balance between unleashing the value of mobility data while upholding the privacy of individuals. We are constantly working to improve our processes and policies - if you have feedback or suggestions, please get in touch via ethics@posmo.coop.