The ride-hailing app Wheely has written to the UK’s Information Commissioner’s Office (ICO) after claiming it is being pressured into potentially breaking European privacy law by handing over data on its journeys to the Moscow Department of Transportation (MDOT).
The company, which has its headquarters in London, last month had its Russian subsidiary suspended from operating by a Moscow court for 90 days, after it refused to hand over the information that it argues could be used to breach the privacy of individual customers.
The case is the latest row between a major city and a ride-hailing app about the balance to be struck between regulating transport and customer privacy.
In the letter to the ICO, sent last month, the Wheely chief executive, Anton Chirkunov, said: “We are very concerned that sharing the data with the MDOT would likely result in a high risk to the privacy rights and freedoms of the individuals to whom it relates, due to the sensitive (and very detailed) nature of the information sought.
“We think it unlikely that we (or any other business established in the EU and operating a ride-hailing service in Moscow), would have a legal basis for the purposes of the GDPR [General Data Protection Regulation] to share the requested data with the MDOT.”
Wheely has asked the ICO to “urgently consider” the legal position and how “other European ride-hailing companies that operate in the Moscow market have complied with [the] requests … and take immediate action to ensure that any harm to the individuals concerned is prevented.”
A spokeswoman for MDOT said: “According to the mayor’s decree, the Department of Transport and Road Infrastructure Development of Moscow requests a location of a car and a route it travels, as well as brief information about a driver – the absence of a criminal record, positive driving experience and other data to make sure that the service is carried out safely. Passengers’ personal data was never requested – neither name, nor payment method, nothing that could reveal personality.”
She added that other operators, including Gett and Uber’s Russian joint-venture with Yandex, had provided the data and so had not had their operations suspended.
Wheely argues that the information supplied to MDOT could be used to work out details relating to individual customers. Gett, Uber and Yandex declined invitations to discuss the data they had provided to MDOT.
The arguments over data do not just apply to Moscow and have been mirrored in other cities.
Last year, Los Angeles suspended Uber’s permit to rent electric scooters and bicycles because the corporation refused to follow the city’s rules on data sharing. At the time Uber argued that providing the data to LA could allow for the misuse of personal data.