Personal Data Security to be made Top Priority for Ride-hailing Companies

With the private ride hailing companies on the rise, it is about time governments are getting involved to ensure the passenger data is protected from any misuse.

A new legislation in California is set to target ride hailing companies such as Uber and Lyft based on their customer privacy dealings. The issue has been much discussed before as well, especially after Senator Al Franken’s question marks over the data handling procedure of such companies raised a few eyebrows back in December 2014. These actions however were initiated by reports suggesting that such companies use specific tools to monitor personal information of customers and the information is later vulnerable to manipulation. The Assembly Bill No 886 has a number of consumer organizations and privacy groups as its backers.

The issue surfaced back in December 2014 when Senator Al Franken,  the Minnesota senator wrote a letter to the Uber CEO asking the company to outline the protocol it uses to handle customer data and privacy content. He wrote a similar letter to Lyft, Urban’s major competitor as well.  The whole fiasco that motivated Senator Al Franken originated when BuzzFeed reported that Uber executive Emil Michael threatened he would spend a million dollars to “dig up dirt” on its critics in the media. Then a Buzzfeed journalist reported that Uber had used an app named “God’s View” to track her without her knowing. This combined with the continuous notion that the Senate Judiciary Subcommittee on Privacy doesn’t feel warm about the procedures used by companies such as Uber and Lyft to track customers, proved to be a bit too much to swallow.

Assembly Bill 886 intends to safeguard passengers’ privacy by barring ride-sharing companies from requesting or requiring that passengers provide personal information such as names, email addresses, phone numbers, location and trip data, and credit card information. The bill would also require ride-sharing companies to destroy any personally identifiable information associated with accounts that are canceled. Assembly Bill 886 will also empower customers to shut down their accounts in which case the company will be bound by law to delete all personal data of the customer.

Services such as Uber and Lyft, which connect passengers with drivers via a smartphone app, have developed briskly in the past five years, broadening to cities around the world. Uber is currently in more than 260 cities in 54 countries, while rival Lyft operates in more than US 60 cities. The sheer magnitude of the data base that would thus be available to Uber is a sign of caution for the Assembly.

The frequent use of smartphones to request a ride has become a norm and has increased the number of harmful consequences that might be involved. The use of this protocol has also resulted in the accumulation of a huge data base comprising of a significant amount of personal information that customers are reluctant to hand out normally. Information such as where does a customer live, where does he usually go, his daily routine, and his transport patterns is available in such databases. This was the point made by Assembly Member Ed Chau.

“Limiting the data collected by ridesharing mobile applications, effectively reduces the functionality and availability to consumers that use and love them,” Chau, a representative of the Southern California city of Monterey Park, said in a statement. “On the contrary, this legislation is not about limiting the consumer; it is about giving the consumer ownership of their privacy, which can be the subject of abuse under certain circumstances.”

He further added “We want to put the consumers in the driver’s seat about who owns their data and personal information, instead of having them take a back seat, these technologies have revolutionized the way we travel, but these companies are collecting a lot of sensitive user information, much of it personally identifiable.”

However, there are two sides to a story and although companies such as Uber and Lyft haven’t been too eager to respond to the allegations put forth, they have defended themselves from such controversies.

The Internet Association is an online tech group that groups with organizations such as Uber and Lyft. The Association has released an official statement addressing the situation.

“The legislature already addressed these issues last year, and determined they were unnecessary to ensure rider and driver safety.  The great thing about competition is that consumers have choice.  Californians, more than ever, are choosing ridesharing as their preferred means of transportation, and they are doing this because it is a better, safer, and more positive experience from start to finish.”

Other groups such as CALinnovates weighed in as well in support of their fellows.

“It is outrageous that any legislative energy will be spent on this new bill, a practical carbon copy of Assembly Bill 612, a bill that didn’t even make it out of committee last year”

The above few lines showcase as a clear statement of intent underlining the fact that these ride sharing organizations won’t back down too quickly and are doing their homework well. Although the bill is a definite speed breaker for these companies, they might fight these allegations and prove that the procedures used by such companies are transparent and completely secure for their customers.

Groups such as the Internet Association, California Chamber of Commerce and such entities have however drawn up a joint letter to the members of the Assembly Committee stating that such bills would limit functionality and effect quality of service. In the letter, the groups argue that the services they provide are unique and comfortable for their customer and their customers wouldn’t be using such services if they weren’t content with the procedures used. The letter argues that the Bill uses a very broad and lavish definition of “identifiable data” as anything that “relates to, describes, or is capable of being associated with a particular individual.”

The fate of the Assembly Bill is definitely debatable with a number of outcomes possible, but one thing is for sure, the strong tide that has originated with this bill won’t just stop here and if others continue along the same lines, a much more complicated yet effective system would have to be developed to protect the privacy of the public availing such benefits. On the contrary, if Uber, Lyft and similar prodigies are to cement a commanding position in the current market, these issue need to be handled quickly and comprehensively. Let’s just hope that whatever happens, it works out in favor of the public that just sits there silently listening to the superpowers argue.

April 27, 2015

0 responses on "Personal Data Security to be made Top Priority for Ride-hailing Companies"

Leave a Message

Eristotle™ Project

Eristotle Project develops and deliver innovative solutions and services for improving Cyber Security and Compliance posture for global small and medium size organisations. Capitalising on our interests and R&D driven insights backed by Big Data analysis, we continue to add value for our customers and partners by leading them towards fact based decision making and leverage their investments where they matter the most.

Popular Courses

© Eristotle. All rights reserved. Legal | Contact