California Bill Would Force Uber To Guard Passenger Privacy
by Carolyn Said, San Francisco Chronicle
Some Uber employees tracked trips of prominent people through the company’s “God View tool.” One executive threatened to do opposition research on journalists. Some reports allege that stolen Uber customer information is for sale on the Dark Web.
Such disclosures have raised concerns about the ride-hailing company’s privacy policy.
Now, a bill pending in Sacramento would force Uber, Lyft and other ride-hailing companies to follow stricter privacy rules. AB886 specifies that the smartphone-ordered ride services cannot disclose any data on passengers except to combat fraud or other crimes. It also says the companies must destroy all personal information when customers cancel their accounts.
“We want to put the consumers in the driver’s seat about who owns their data and personal information, instead of having them take a back seat,” said bill author Assemblyman Ed Chau, D-Monterey Park (Los Angeles County). “These technologies have revolutionized the way we travel, but these companies are collecting a lot of sensitive user information, much of it personally identifiable.”
A spokeswoman for Lyft declined to comment, but pointed to a letter by tech industry lobbying group the Internet Association, which states that the bill would “establish a host of prescriptive rules that would micromanage a specific mobile app technology without any corresponding benefits, at the expense of one of California’s most innovative industries and the larger mobile app economy.”
Uber did not respond to a request for comment, but has previously hired independent experts to review its privacy policy and said it would take steps to train employees, prevent unauthorized access and otherwise buttress its privacy safeguards. “Protecting personal data and privacy is foundational to the trust between Uber and our riders,” Uber wrote in a January blog post.
But advocates said that isn’t good enough.
“This is a very important issue that should not be left to the whims of a corporate privacy policy,” said Brian Taylor, a spokesman for the Consumer Federation of California, which backs the proposed bill. “It needs to be put into law so they know a bright line of what they can and cannot do.”
AB886 is due to be heard Monday by the Assembly Utilities and Commerce Committee. If passed there, it would go to the Privacy Committee on Tuesday.
Uber privacy is also a concern at the national level. Sen. Al Franken, D-Minn., has written to Uber CEO Travis Kalanick several times about how the company safeguards passenger data.
“Americans have a fundamental right to privacy, which includes the right to know who is getting access to their personal geolocation information and the ability to control with whom that information is being shared,” he wrote.
AB24, another bill pending in Sacramento, would compel Uber, Lyft and similar companies to perform fingerprint background checks on drivers and implement random drug and alcohol testing.
Tags: 2015 Legislation, AB 886, CFC Sponsored Legislation, Lyft, Privacy, Transportation Network Companies, Uber