The Sensor: Legal Insights into Autonomous Vehicles


The Sensor: Mobility-as-a-Service & Smart Infrastructure: A New Risk Paradigm


Mobility-as-a-Service (MaaS) refers to the concept of integrating various physical modes of travel (e.g. public transit, car sharing, ride hailing and bike sharing) into a single digital platform that enables users to plan and manage their journeys.

The MaaS industry supply chain consists of: 

  1. Transport operators who will provide the physical transportation to customers. This includes public transit operators, car sharing operators, ride hailing apps, etc;
  2. Infrastructure and data platforms that will facilitate connectivity and data exchange in the MaaS ecosystem; and
  3. Aggregators (or MaaS providers) who will compile and analyze data, make trip planning recommendations to customers and collect/process payments from customers. 

MaaS is a result of the convergence of technology and transportation, marking a shift from a fragmented urban mobility model often dominated by private car ownership into an integrated mobility model that, once situated within the smart and connected city along with autonomous vehicles, will improve transportation and traffic. It will also give rise to many new legal issues. We examine some of those issues here.

MaaS contracts and payment systems

The adoption and scaling of MaaS will see an increase in the private delivery of traditionally public transportation services as technology companies partner with transportation authorities. This will require complex contractual arrangements across the supply chain to navigate the interaction between MaaS participants (from both the public and private sector). Payment – whether by monthly subscription or pay-as-you-go models – will be at the heart of these relationships in order to provide a frictionless user experience through a singular app. In order to deliver a frictionless user experience, transport operators and aggregators will need to create a framework that will:

  1. Allocate the user payment among multiple transport operators for a single trip;
  2. Allocate transaction costs as well as the general and administrative costs of the MaaS system; and
  3. Disburse payments to transport operators.

Without that coordination and ease of use for the consumer, Maas is likely not to be fully realized.

Furthermore, a certain level of cohesion in contractual terms in relation to defence and indemnity covenants as well as insurance covenants is required across the supply chain to ensure the reliability and consistency of the service provided to users regardless of the transport operator.

Consumer rights

There is currently no MaaS specific consumer protection framework enacted or proposed in Canada. In recent years, municipalities have enacted laws aimed at enhancing safety and accessibility of ride sharing and car sharing services. For instance, City of Toronto’s Vehicle-for-Hire By-law contains provisions aimed at enhancing safety and accessibility of ride sharing and car sharing for consumers.1 This includes mandatory training for all drivers and three years of driving experience for all drivers. However, MaaS will likely require a more robust consumer protection regime to allocate the risk across its supply chain.

For example, in Finland, the Consumer Ombudsman has required MaaS Global, a Finnish start-up looking to bring multi-modal subscription transport service to cities, to introduce MaaS specific consumer protection measures into its terms of service.2 Under these measures, MaaS Global, as the integrator, is responsible for ensuring that the transport services offered in the app are available as promised. Each transport provider is responsible for the service it offers. However, if there is any significant change in the service (e.g. schedules and discontinuation of any service), MaaS Global is responsible for providing notice to consumers in advance of such change, and must rectify the defect without delay at their own expense or, if that is not possible, grant the consumer a price reduction. MaaS Global is also responsible for direct or consequential bodily injury and material damage.3

In addition to liability for defects, legislation may be required to address specific trade-offs between service quality (e.g. vehicle speeds and consumer route preferences) and the policy goals of the urban mobility system (e.g. reduce congestion and emissions). Lastly, MaaS will likely require minimum performance standards and technical specifications that would allow for a safe and reliable service across different transit modes.

Data protection and security

The success of MaaS will require accumulation of significant amounts of data and information, some of which will include information about identifiable individuals (“personal information”), as defined and protected by data protection laws. Delivering a seamless travel planning experience to users will also require significant sharing of data, in real-time, between transport operators. The challenge is that these organizations have an interest in protecting their trade secrets and maintaining the trust of their user base. As a result, they will likely need to insert contractual clauses detailing the type of data that will be shared, measures to protect the privacy of their users, how the shared data will be used, how to cooperate with respect to individual rights over the shared data, how to allocate obligations to satisfy statutory requirements, and a mechanism to allocate liability for data breaches.

Contractual arrangements will have to account for data protection and security responsibilities of all MaaS participants. These arrangements must also ensure compliance with existing privacy legislation including, in Canada, the federal Personal Information Protection and Electronic Documents Act, which requires meaningful consent for all collection, use and disclosure of personal information except in limited circumstances, and security safeguards appropriate to the sensitivity of personal information. Organizations must first determine the type of data that will be collected (i.e. personal vs. non-personal information) – and in case of personal information – whether it is practicable to obtain consent from consumers in collecting and using the data required to administer the MaaS ecosystem. Where consent is not practical, a key issue will be whether the data can be de-identified at source. De-identification is especially challenging in the MaaS context given the significant level of data sharing that must occur between organizations, and the instantaneous manner in which it is collected. In addition, organizations must bear in mind that in Canada the threshold for true anonymity in very high. Organizations must therefore rigorously protect against the risk that further analytics of de-identified data (e.g. aggregate GPS data on consumer movements) with other data (e.g. transactional information) may uncover personal information about individuals. The possibility that further analysis or the availability of other data sets could permit such de-identified information to be linked with identifiable individuals would make such data assets subject to data protection laws, no matter how thoroughly de-identified they may appear to be when considered in isolation.

In addition, the complex nature of MaaS partnerships makes it challenging to determine the applicable laws. Canada has separate laws for the collection and use of data by public and private sectors. Since local governments will be active participants in the collection and sharing of data, municipal stakeholders in Ontario for example may be required to observe compliance with the Municipal Freedom of Information and Protection of Privacy Act.

Where to (Next)?

Consider Canada’s first ridesharing and transit partnership between the Town of Innisfil (an hour north of Toronto) and Uber, which has brought on-demand transportation to the Town with a population of around 40,000. Instead of the traditional bus mode (which would include significant capital and operating costs), the program offered residents flat fare rides (now $6) to common destinations such as the train station and recreation complex, as well as a $4 discount applied to any other rides beginning or ending anywhere else in Innisfil.4

The program is entering its third year, and the lessons are being learned, mostly because of its success. In 2018, there were nearly 86,000 rides, with a nearly 70 per cent satisfaction rate.5 The costs to Innisfil therefore increased, which is the opposite of what traditionally is expected with mass transit: that is, the more people using a system, the cheaper (or more economical) it gets. As a result, a trip cap was introduced.6

There will certainly be more system and legal issues to address as MaaS matures. Autonomous vehicles will likely lower the costs and reduce congestion. Organizations must continue to monitor the technological progress in autonomous vehicles and MaaS, and be prepared to address the operational and legal implications of the new paradigm in urban mobility.

1. Toronto Municipal Code Chapter 546, Licensing of Vehicles-For-Hire (as amended on January 1, 2020)

2. Finnish Competition and Consumer Authority, “How to offer mobility as a service? The Consumer Ombudsman examined the terms and conditions of the Whim app” (October 2, 2019)

3. Ibid.

4. Innisfil Transit

5. Innisfil, “Innisfil Transit – 2018 Results and Fare Changes” (March 13, 2019)

6. Ibid.

Key Contacts

Table of contents