‘Do Not Track’ Report Offers Privacy Guidance for the T’s New Fare System

The MBTA’s new fare payment system will potentially collect a lot more personal data from riders and their cellphones, and a new TransitCenter report offers advice for how riders can protect their privacy.

The MBTA is in the midst of its “fare transformation” project, which is intended to replace magnetic-stripe CharlieCards with a new payment system that will allow more electronic payment options.

The project has lagged far behind schedule since the agency signed its first contract for the project in 2018, but under an amended contract approved last year, the T expects to start using new CharlieCards and tap-to-pay fare readers (like the one pictured above) on some lines by 2022, before fully integrating the new payment systems on all routes by 2024.

While the new system will no longer accept on-board cash payments on buses, the agency is planning an extensive new network of fare vending machines that would be located near major bus stops and in local retail stores to let riders buy and reload the new CharlieCards, either with cash or with credit cards. The agency is hosting virtual public meetings this week and next week to solicit feedback on the proposed locations.

According to the T, the new system will enable faster bus trips with all-door boarding and make it easier for customers to buy and refill their CharlieCards.

But new electronic payment systems linked to debit and credit cards “have the potential to significantly increase the personal data generated and collected by transit agencies, as well as the private companies agencies contract or partner with,” warns TransitCenter, a transit advocacy organization based in New York City.

“Where before you might buy a fare card from a vending machine once a month, (in the new systems) people are creating a detailed data point with their location and personal payment information every time they tap in to board a bus or a subway,” said Thomas Pera, a Program Associate at TransitCenter and one of the authors of the report, in a phone conversation with Streetsblog on Tuesday.

In “Do Not Track: A Guide to Data Privacy for New Transit Fare Media,” TransitCenter recommends four key policies that agencies can adopt to help assure riders that their data is safe.

One of the report’s recommendations – allowing users to use cash to buy the new fare cards, to avoid associating any personal information with their transit rides – has already been wholeheartedly embraced at the MBTA, based on research that found that lower-income and non-white riders are more likely to rely on cash to pay their fares.

The ability to pay for fare cards with cash is important for serving riders who may not have bank accounts or credit cards, but it’s also important for customers who want to protect their personal information.

“If you can pay with cash instead of a credit card, your personal data isn’t associated with the trips you take,” says Pera.

The “Do Not Track” report also recommends that agencies “make secure data management an organizational priority,” “clearly and transparently communicate privacy policies,” and “use data sources that protect personal privacy to improve service planning for riders.”

Whether the T’s new fare system will embrace those other recommendations is unclear at this point – but the fare transformation’s website promises that the agency is  “committed to maintaining our riders’ privacy.”

The current MBTA privacy policy is nearly 15 years old and, with its 18 printed pages of dense text, not particularly user-friendly.

But the T says that it will re-write the privacy policy as part of the fare transformation effort, and that “we need your feedback to help us understand your concerns and how these policies impact you.”