Chinese bike-sharing company Mobike is being investigated by German regulators for potentially being in breach of the EU’s General Data Protection Regulation (GDPR).
In a statement to the Financial Times, a spokesman said, “The Berlin commissioner for data protection and freedom of information had already planned to launch an investigation into car- and bike-sharing companies … It is planned to request a written response from Mobike in the coming week and to request answers to a catalog of questions.”
The regulator’s concern with bike- and car-sharing platforms is the significant amounts of data they collect about their users via mobile phone apps, including precise location data — even when the customer is not using the bike or car.
And in the case of foreign providers like Mobike, there is also the challenge of implementing restrictions on the transfer of data outside the EU. The company was even called out in a recent article by Alexander Hanff, a researcher on data ethics at Singularity University. “Mobike is not GDPR or ePrivacy compliant — it is far beyond time that such compliance should be required before public authorities allow such services to exist in their communities,” he wrote.
Mobike is a major player in the bike-sharing market across Europe, with its orange bikes found in 23 cities, including London, Paris, Madrid, Milan and Rotterdam. The company says it has more than 200 million registered users around the world.
And Mobike is ready to defend itself and its data privacy standards.
“We take data protection extremely seriously. We follow industry standards. I don’t think there is anything Mobike does that other companies are not doing,” said Steve Milton, head of growth at Mobike Europe. “GDPR is a hugely sensitive and complex regulation. We are always happy to sit down with data protection offices and share with them what they need to know.”