Blog Post

If you’re worried about Uber and privacy, don’t forget Lyft and Sidecar

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

Privacy concerns are front and center when it comes to Uber’s messy week, and a personal experience with the cavalier use of user data really brought that home for me.

The Uber controversy is a perfect storm of conditions: Ethically questionable leadership, aggressive threats, and a company with powerful user data. Uber has your credit card details and information on where you travel at what times. That’s a scary thought, especially when you look up the lengths it has gone to thwart those who oppose it — like its competitor Lyft and existing taxi services.

In the fall out from Emil Michael’s threats to dig up dirt on journalists, Uber has gotten a lot of tough privacy questions thrown its way. Ten of them, in fact, from Senator Al Franken, ranging from “To whom is the so-called God View tool made available and why?” to “Why aren’t these [privacy] standards set out for customers?”

Uber has been rightfully targeted, because its “at-all-costs” business mentality is what makes the privacy issue scary, especially for those who might be on Uber’s blacklist. But these are questions we should be levying at all the new transportation connection companies, not just Uber. Lyft, Sidecar, Flywheel, Curb, Hailo, and their ilk have similar technology and nearly identical use cases to Uber.

Months ago I had an uncomfortable experience, similar to that of a Buzzfeed News reporter who showed up to an interview at Uber and found out the company was tracking her on its God View. But my situation was a little more personal than that.

An ex-boyfriend who worked at a transportation technology company I once critiqued texted me and said, “You still love us, I looked up your account and you took us yesterday!” Fortunately, this ex and I are on good terms and he has never threatened me.

But what if that hadn’t been the case? A former — or even current — romantic partner, friend, or professional acquaintance could see where and when I’m traveling. They could tell whether I spent the night at a different apartment, or where I prefer to dine. They could fact-check if I’m telling the truth when I say I’m out of town. It’s a stalker’s dream…or the perfect tool in the hands of someone looking to destroy your credibility.

We’re deep in the throes of the legislative and political data problems that Om discussed almost two years ago in a post. At the time he said:

The shift from a generation that started out un-connected to one that is growing up connected will result in conflicts, disruption and eventually the redrawing of our societal expectations. The human race has experienced these shifts before — just not at the speed and scale of this shift…I do think it is important for us to start talking about what the etiquette of a connected and a quantified society will be.

The rideshare tracking issue brings that front and center.

All the companies have trotted out a line about user data only being accessed “for legitimate business purposes.” But as others have pointed out, what defines “legitimate business purpose?” How clearly are employees trained on this? Because there’s a big difference between sticking it as a line in a training manual their first week on the job, and repeatedly communicating that they could be fired for taking this action.

In light of the recent Uber scandal, Lyft and Sidecar are reevaluating their procedures. Lyft told Re/Code it changed the way its employees can access transit data so that its limited to a subset of employees. Sidecar told The Wall Street Journal, “We’re also drawing on lessons from news events to reevaluate and restructure our own policies.” Taxi transportation apps like Flywheel, Curb, and Hailo haven’t said publicly whether they’re doing the same.

We should push these companies to implement some form of consent, where even at the higher level employees must reach out to users to access their travel logs. There’s remaining questions that haven’t been answered: Is information anonymized for when the data is analyzed to make the system more efficient? What employees need access to user data to do their job and why?

This issue isn’t Uber’s alone.

3 Responses to “If you’re worried about Uber and privacy, don’t forget Lyft and Sidecar”

  1. Amy Driver

    Yeah, this “for legitimate business purposes” crap is so grey area that almost anything goes. These rideshare companies are so unregulated because of their new presence in the transportation market. It will be interesting to see how this all plays out over the next few years. I’ve been using Uber for the most part but recently I found this guide on what to expect on your first lyft ride: and I gave Lyft a shot, and I’m liking so far.

  2. If only there was some option to Uber and Sidecar and Lyft that did protect your privacy, and even allow you to pay in cash. Hmm, it would be cool if they could brand themselves with bright yellow cars