Most Young Gig Economy Companies Way Behind On Protecting User Data: 2016 In Review
"Sharing" or "gig economy" companies like Uber and Airbnb continued to grow in 2016, meaning their data protection and privacy practices came into sharp focus as millions of Americans turned to these young companies for everything from rides to the airport to renting an apartment instead of a hotel room.
Customers are entrusting these companies—including others like Lyft, TaskRabbit, and Instacart—with enormous amounts of sensitive information about their habits and lives. To access the services offered, or to offer services via company apps, individuals are disclosing data about where they live and shop, what they buy, where they sleep, and where they travel.
In 2016, we published our annual Who Has Your Back report, which took a close look at policies and practices of gig economy companies and found much to be desired. On the whole, gig economy companies haven’t caught up with the rest of the tech industry in safeguarding user data against unwarranted government access demands. When the government comes knocking, most gig economy companies—whether home rental services, car sharing, or on-demand labor—aren’t promising to stand by their users.
Half of the companies we reviewed didn’t require a warrant before turning over customer data to law enforcement. Most of the companies we reviewed haven’t issued transparency reports providing information about the number of government data requests they get. There were some exceptions. Uber and Lyft earned our highest marks for best practices in transparency over their handling of user data.
But in December, Uber made a change in its iPhone app that undermined user privacy. The company removed an option to limit location tracking of its customers to “While Using,” a privacy setting in the iOS that provides users control of when their information is shared with the app. When you need a ride and open the Uber app, you are asked for location data and given the option of providing this “Always” or “Never.” The company took away the option of providing location data only while using the app. Choosing “Always” enables Uber to track your location for five minutes after you leave the vehicle. Sorry, but that’s just creepy and unnecessary. We’ve asked Uber to restore the “While Using” choice.
Unfortunately the Uber location tracking change is part of a disturbing trend among software makers that we saw continue in 2016 to take away, or at least limit, the ability of users to opt out of functionality that automatically gobbles up your personal information—such as location data and browsing history.
Two other examples stand out in the past year. Microsoft has aggressively pushed its Windows 10 upgrade on customers, using tactics that went from annoying to downright malicious. If that’s not troubling enough, consumers who upgrade find that once installed, Windows 10 sends an unprecedented amount of usage data back to Microsoft, particularly if users opt in to “personalize” the software using the OS assistant called Cortana. Here’s a non-exhaustive list of data sent back: location data, text input, voice input, touch input, webpages you visit, and telemetry data regarding your general usage of your computer, including which programs you run and for how long. Unless you’re an enterprise user, no matter what, you have to share at least some of this telemetry data with Microsoft and there’s no way to opt-out of it.
As our review shows, it is incumbent upon users to be mindful of what and how much information they give up in order to participate in the digital marketplace and to vote with their feet to platforms that do a better job of protecting user privacy.
This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.