Let's rideshare all your data?

Let’s rideshare all your data?

Ahhh how convenient it is to need a ride and to immediately have a car and a rider at our disposal at the distance of a click on our mobile phone… We used to call a taxi cab. Now it is much cooler: it is up to Uber.

Uber is a San Francisco headquartered company which specialized in the ridesharing services, made available through a Smartphone application. The very particularity of the service is that it does not own any car nor hires any driver. Indeed, Uber is a platform which is intended to put drivers and riders in touch, thus allowing for people having a car to make some extra money and for people who don’t to actually have at their disposal cheaper rides and to select the most suitable ride, among the several models nearby.

If you live in a city where the service is not available, you certainly already know it better from the protests held, a few months ago, by taxi drivers and taxi companies, in some capitals where it was implemented, which qualify it as an anticompetitive business.

Competition matters aside, the Uber business model is built upon customers personal data – which is information that could reasonably be used to identify them – and, therefore, raises privacy and data protection issues which cannot be ignored.

Indeed, in order to develop its customized services, Uber collects and processes a humongous amount of personal data from its customers, such as their name, e-mail address, mobile number, zip code and credit card information.

In addition, certain information – such as the browser used, the URL, all of the areas visited, and the time of day – may be automatically or passively collected while users visit or interact with the services. This data is referred to as ‘Usage Information’. In parallel, the IP address or other unique device identifier (for the computer, mobile or other device used to access the services) is collected.

Tracking information is also collected when the user travels in a vehicle requested via Uber services, as the driver’s mobile phone will send the customer’s GPS coordinates, during the ride, to its servers, including, but not limited to geographic areas. It is important to note that currently most GPS enabled mobile devices can define one’s location to within 50 feet!

This geo-location information is actually the core of the Uber business as it enables users to check which drivers are close to their location, to set a pick up location, and to ultimately allow users wishing so to share this information with others.

The amount of information regarding habits and movements, locations, destinations, workplaces, favourite social spots, which can be concluded from a user’s trip history and from the geo-location data tracked through mobile devices, is as a matter of fact quite surprising… and impressively accurate.

For instance, back in 2012, in a post entitled ‘Ride of Glory’ which is no longer available in its website but is greatly reproduced elsewhere, Uber was actually able to link rides taken between 10pm and 4am on a Friday or Saturday night, followed by a second ride from within 1/10th of a mile of the previous night’s drop-off point 4-6 hours later, to ‘one night stands’.

I suppose that this outcome makes most of us feel quite uncomfortable… One thing is for our whereabouts to be known. Another, quite different, is the conclusion which can be drawn based on that information.

Most of us do not really think about the implications of randomly giving away personal data. We easily sign up for supermarket value cards in order to get discounts over our grocery bills, thus allowing the retailer to track our purchases and consumption habits.

Besides being – at the very least – very unpleasant to have our sex lives revealed by the details of our rides to home, there is indeed a wide room for concern considering Uber’s policy and recent practices.

Uber has a very broad privacy policy to which users actually give their consent when they download its app. Indeed, it establishes very few limits to the use of the collected data. According to its policy, Uber can use the ‘Usage Information’ for a variety of purposes, including to enhance or improve its services. In fact, to attain that goal, Uber may even supplement some of the information collected about its customers with records from third parties.

Quite recently, it announced an “in-depth review and assessment of [its] existing data privacy program”. Certainly this willingness to change does not go unrelated to the comments of a senior executive suggesting Uber was planning to hire a team of opposition researchers to dig up dirt on its critics in the media, referring specifically to a female journalist, which were received with a wave of strong criticism.

Of course, this could have merely been a distasteful and off-the-record (because being off the record makes it all better) comment made in a fancy dinner party which does not represent the overall position of the company.

However, right afterwards emerged the rumour according to which Uber’s internal tool called “god view”, which shows the real-time location of vehicles and customers who have requested a car, as well as access to account history, is easily accessible for employees without rider’s consent. As a matter of fact, it was employed to access and track a reporter’s movements.

These facts cause little surprise to those who already are familiar with Uber’s very own promotion methodologies, some of which consisting, at launching parties, to feature a screen showing in real time where certain customers were.

This pattern is a sharp reminder of the risks at stake when giving away our personal data for convenience. And the information revealed by the amount of data made available, randomly, through an application on our mobile, tablet, computer or similar devices.

Imagine now, for instance, that you have a specific condition which requires frequent visits to a hospital or a specialized medical centre and that Uber would be able to conclude what is your health status as easily it did regarding the user’s nightly romantic encounters.

I hope that this situation will lead to the adoption of a very strict privacy policy which will end up elevating the privacy standards for the entire related-industry.

But considering all this, I must ask: how much privacy are you willing to sacrifice for your convenience?