During autumn 2018, we advised the Finnish Communications Regulatory Authority (FICORA) in the complex data protection questions related to the cooperation between mobility service providers in mobility service ecosystems, especially with regard to ‘acting on someone else’s behalf’ in accordance with the Finnish Act on Transport Services (the ‘Act’).
In accordance with the Act, customers can authorize certain mobility services providers to access and utilize the customer’s credentials and existing customer account information held by passenger transport providers in order to purchase tickets and other mobility services on behalf of the customers from such passenger transport providers. The purpose of the provisions is to foster the development of innovative Mobility as a Service (MaaS) concepts integrating various forms of transport services into a single on-demand mobility service.
We prepared a broad analysis of the data protection aspects related to acting on the customer’s behalf, including the roles and respective responsibilities of the parties involved, legal basis’ for such processing as well as specific issues relating to customer authorizations and ticket resale chains.