A new legislation in California aims to put curbs on the data Uber Technologies and other ride-hailing companies can collect and disclose. The move comes in the wake of reports that Uber has a tool that apparently lets its employees track the location of customers that have requested car service.
The Assembly Committee on Utilities and Commerce considers on Monday the Assembly Bill No. 886 (Chau), which has a number of consumer organizations and privacy groups as its backers.
The use of smartphones to request a ride, and their continued use in the course of travel, has resulted in the collection of a significant amount of personal information and data on each user, including information on where consumers live and work, and where they go and when, according to Assembly Member Ed Chau, the sponsor of the bill.
The information thus collected "provides new and intrusive opportunities for corporate surveillance and for unwelcome marketing purposes," he said in a statement.
The legislation will prohibit transportation network companies from requesting, requiring or disclosing to third-parties personally identifiable passenger data including names, email addresses, phone numbers, location and trip data, and credit card information, except when required to complete a consumer-initiated transaction or for criminal investigations.
Assembly Bill 886 (Chau) will also allow customers to shut down their accounts, at which point the transport company will have to destroy any personally identifiable information associated with that account.
"Limiting the data collected by ridesharing mobile applications does not reduce the functionality and availability to consumers that use and love them," according to Chau, a Democrat from Monterey Park.
But trade bodies disagree. In a joint letter to the members of the Assembly Committee, the Internet Association, California Chamber of Commerce and other groups said the bill would limit the functionality and availability of the ride-hailing mobile apps service as it uses a very broad definition of personally identifiable data as anything that "relates to, describes, or is capable of being associated with a particular individual."
The bill also attempts to regulate the industry with a regime focused around credit card transactions. As a result, the prohibition against apps requesting or requiring data from a consumer when providing transportation services unless that information is necessary to "complete a transaction," could be interpreted to ban collection of information on the location of the person, the device used and the route, the trade bodies said.
The collection of personal data by ride-hailing companies has previously come under scrutiny. Senator Al Franken, for example, asked both Lyft and Uber to explain their privacy policies.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.