Taxi-on-demand service Uber ran into hot water last week over reports that company executives have played fast and loose with some of the location data that the service records about its customers. A couple of thoughts about the scandal:
First, it鈥檚 a reminder that whenever we allow an institution to collect information about us, we expose ourselves to certain dangers, including the danger that our information will be misused. It鈥檚 also a reminder that abuse is a potential problem not just with government but also with companies, which like government agencies have their own incentives and interests and enemies, and if they can gain power via information, they will do so unless something is stopping them.
What struck me most about the reported behavior is just how amateurish Uber comes across (a point that Joe Nocera elaborated on ). The alleged behavior鈥攁s well as the flippant way in which it was revealed鈥攕macks of a newbie startup that hasn鈥檛 yet begun to understand the power and importance of the data they collect, and the trust they need to earn in their handling of that data鈥攁nd so doesn鈥檛 take privacy seriously. (A good way for any such company to accelerate their maturity in this area is the 老澳门开奖结果 of Northern California鈥檚 excellent .)
While the Uber executives look ruthless in their reported behavior, from another perspective they look more na茂ve in the openness with which they bragged about their abusive plans. It鈥檚 hard to picture one of the giant, established technology companies behaving in this way. However, what鈥檚 less clear is whether that鈥檚 because the established companies would never use their data in such a way, or because they are too smart to let anyone know about it.
I think, standing back from any particular companies, it鈥檚 indisputably true that at times, companies of whatever size (just like government agencies) will be led by people who are ethically challenged. And at all times, at lower levels within organizations, there will be a Bell curve of individuals in terms of ethics. Some will inevitably be ethically challenged and will give in to temptation to exploit data in unethical ways.
Larger, more bureaucratic organizations do tend to become more regularized鈥攈emmed in by legal and public-relations considerations that a scrappy startup has not yet developed. The Uber scandal shows how lawyering up can be a good thing. But even big companies should be expected to use data in every way that will bring them an advantage when the benefits of doing so appear to outweigh any legal or public-relations risk. Given the paucity of privacy laws, and the secrecy with which data can easily be used and abused, that may be a disturbing amount of the time.
And of course, the risk of data-abuse in the sense of wrongdoing by particular individuals is never the only one. What is also a risk is that illegitimate uses of data will become baked into the very regularized and legal systems that a company builds its profits around. That鈥檚 what we鈥檙e seeing in many other areas of the information economy, unfortunately.
Ultimately, as with government, checks and balances are the solution. But when it comes to data in the corporate sector, it can be very hard to enforce those checks. That would be true even if the U.S. had a far more rigorous, EU-style system of rules for the handling of data.
The lesson, once again, is that ultimately the best privacy protection comes from not having your data collected in the first place.
Uber should, at a minimum, take a couple of steps in response to this scandal:
- Put in place limits on the retention of customer data. Data should not be kept indefinitely, and retention should, to the maximum extent possible, be under the control of the customer. as Uber鈥檚 data scientists might have with analytics, their customers must come first. Uber should follow in Google鈥檚 footsteps and give their customers visibility into, and ability to delete, the data that is retained about them.
- Along the same lines, Uber might also include the option for a 鈥減rivate trip鈥 for which no data is retained at all by the company. This would be akin to the 鈥減rivate browsing mode鈥 available in most Web browsers. Some people may find it convenient for Uber to retain data about their rides鈥攂ut want certain rides to be exempted.
- As my colleagues at the 老澳门开奖结果 of Northern California , Uber (like its competitor Lyft) has never issued a transparency report detailing the quantity and type of government demands for the data it holds. We don鈥檛 know how much of the company鈥檚 data is demanded by regulators, police, or federal intelligence agencies, and the public should know that. It should begin issuing such reports as soon as possible.
Lyft and any other companies competing in this area should of course do the same.