The recently launched Touch&Travel app has raised privacy concerns.
Berlin's data protection ombudsman has criticized Berlin's transport authority for failing to properly address data privacy issues related to its new mobile phone ticket service.
The BVG's Touch&Travel service launched earlier this month allows commuters to pay for transport tickets using their iPhone or Android smartphones at all 7,500 stops in Berlin's AB zone and Potsdam.
(Zone C will be included upon the completion of Berlin Brandenburg International Airport.)
Although, for the time being, only those on Vodafone or Telekom contracts will be able to avoid the frustrating experience of seeing their train or bus ride off into the sunset just as the vending machine dispenses their ticket.
To avail of the service, commuters must download the free Touch&Travel app and activate their account with a PIN and customer number.
The user then logs into their account while boarding a bus, tram or train and logs out upon exiting. Their position is pinpointed and tracked via GPS or alternatively by scanning the QR codes located at the station.
At the end of the day, the app calculates the cheapest fare – single, short trip or day ticket – with the commuter receiving a bill at the end of the month. Users can check their account status online at any time. The BVG sends a reminder to those who forget to log out upon disembarking. The program continues to track the user's location until that point.
It is what happens to the collected GPS data that troubles data protection groups.
The service does not pose any data protection or privacy issues as user movement profiles are saved anonymously for six months, according to the BVG. This is done in accordance with Germany's data protection laws, says Birgit Wirth, head of mobility at the Deutsche Bahn, which has been testing Touch&Travel for a number of months.
However, Berlin's Data Protection Officer, Alexander Dix, claims there are many open questions with regard to what happens to saved data. The BVG must also make efforts to better inform commuters about the implications, Dix says.
Such location-based ticketing services in other cities have previously come under fire from civil rights campaigners due to privacy concerns.
London's Oyster card system tracks commuter movements and retains user information, such as a unique ID number linked to the owner's name. The data is saved for years and can be handed over to law enforcement agencies under certain conditions. Collection of such seemingly innocuous information represents a threat to "locational privacy" (the ability of an individual to move freely without being subject to monitoring), argues civil rights group Electronic Frontier Foundation (EFF).
Researchers at the University of Austin,Texas, and Stanford University have also demonstrated how anonymous data can be easily de-anonymised with the use of relatively little information.