İlayda Anaç

Legal Intern

Two Devices That Collect A Surprising Amount Of Personal Data: E-Book Readers And Micro Mobility Devices

As a result of the rapidly developing technology, new life-facilitating inventions are introduced to our lives each passing day. Although these inventions are making our lives better in the interest of saving time, they may also harm us at certain points, such as data privacy. Two of these inventions can be specified as micro mobility devices (or commonly known as shared scooters) that have been in our lives for several years and greatly facilitated transportation and e-book readers which have been released by many different brands around the world.

Micro mobility devices, known as shared scooters, are defined as small and lightweight devices that typically operate at speeds below 25 km /h and are driven by users personally.1 Although these devices have gained recognition in the past few years, the size of worldwide investment in micro mobility entrepreneurs has reached $ 5.7 billion. Additionally, this market is expected to reach a size of 300 billion to 500 billion dollars in Europe by 2030 according to the research results of McKinsey & Company.2

Although these tools are making our lives easier due to the fact that they can be found at almost every location and help individuals to get away with the traffic, they pose a considerable danger in terms of data security. While micro mobility service providers keep some basic data of the user such as name, address and phone number as necessary to register to the system, they can also obtain more complex data such as the routes and roads used by the user and the speed of the user by tracking the device. In this context, the data of users is undoubtedly processed by and sharing them with various institutions/authorities in certain cases.

The prominent debate on micro mobility services and data security is whether a balance can be struck between the public and private authorities' policies to increase transportation services by obtaining certain data of users and the right to privacy of individuals. Even though public or private authorities may need to collect the data in order to provide social service and increase sustainability by improving transportation services and ensuring the safety of drivers and pedestrians (i.e. analyzing whether the routes used by drivers are suitable for the use of bicycles, scooters and similar vehicles in terms of infrastructure, taking actions to improve the transportation infrastructure), this situation may violate the right of privacy of individuals. Yet, micro mobility service providers can be informed about the routes followed by individuals, their locations, styles of driving and similar matters about the habits of individuals even including the legal or illegal activities that they have been involved in.

Although there is no clear regulation on whether a balance is struck between these two issues or in what ways it can be achieved, obtaining data anonymously is suggested as a solution. Pursuant to the General Data Protection Regulation ("GDPR")3, in the case that an information is relating to an identified or identifiable natural person, such information would be considered as "personal data", but the same would not be valid for a person whose information is processed anonymously. In this context, processing data of users anonymously can be an option for micro mobility service providers that are willing to comply with data privacy law.

Secondly, as briefly mentioned above, e-book readers are other electronic devices that collect a substantial amount of information from its users. Although it is commonly known that e-book reader providers are capable of controlling the content provided by them and the accounts of the users, it is frequently overlooked that such service providers also collect a high amount of personal data belonging to users. According to the article4 of Null Sweep about Kindle, the actions of opening the application, reading a book, flipping through pages and closing the book send over 100 requests to Amazon servers. Moreover, according to the same article the Kindle tracks every tap and interaction that a reader makes while reading. Along with the user habits, the personal data such as location and IP address of the users are also collected by such service providers.

Although it is thought that the collection of such personal data by an e-book reader service provider is not based on a legitimate interest -since there is no regulation on this matter-, according to the statements of Amazon, the data is needed for the "Whispersync" functionality of Kindle that allows for a reader to sync their exact place in a book between different devices, along with notes, highlights, and bookmarks as well as the objection of improving the Kindle software as a whole.

To sum up, although data privacy is one of the biggest focal points of our age, obtaining data privacy may not be possible at every point of our lives concerning the rapidly developing technology and the legislative regulations lagging behind these developments. Thus, our biggest recommendation for individuals who take care of the protection of their personal data would be considering data security at every stage of the daily life, including the most unexpected points.




3. Article 4 – Definitions; 'personal data' means any information relating to an identified or identifiable natural person ('data subject').


The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.