From CNIL, France’s data protection regulator:
On 16 March 2023, the CNIL imposed a fine of €125,000 on the company CITYSCOOT in particular because it disproportionately infringed on the privacy of its customers by geolocating them almost permanently.
In 2020, the CNIL partly focused its investigations on several priority thematic areas related to the everyday concerns of the French, including geolocation for local services.
In this context, the CNIL carried out investigations on the company CITYSCOOT, which rents scooters for a short period. The investigations focused in particular on the data collected as well as on the information and consent obtained from users before processing technical information on their mobile phone or computer.
As part of the investigation, the CNIL found that during the rental of a scooter by a private individual, the company collected data relating to the geolocation of the vehicle every 30 seconds. In addition, the company kept a record of these journeys.
On the basis of these findings, the restricted committee – the CNIL’s body responsible for issuing sanctions – imposed a fine of €125,000 on CITYSCOOT, which was made public. This decision was taken in cooperation with the Spanish and Italian data protection authorities, as CITYSCOOT also offers these services in these countries.
The amount of the penalty takes into account the company’s turnover, the number of users (about 250 000 in 2022) and the seriousness of the breaches identified, but also the measures taken by the company to remedy them during the procedure.
Read more at CNIL.
h/t, Joe Cadillic