Support Skift’s Independent JournalismMake a Contribution Now
Among the numerous concerns that travelers have when they use sharing economy services, data privacy has taken something of a backseat to more concrete safety and security concerns.
The newest version of the Electronic Frontier Foundation’s (EFF) annual “Who Has Your Back?” report takes a look at how sharing economy services protect user information from government requests.
Uber and Lyft were both ranked strongest overall, followed by Airbnb and FlipKey. VRBO, Turo, and GetAround didn’t satisfy any of the EFF’s criteria.
The report’s analysis finds that the steps that these services have taken reflect the overall ethos of young technology companies in the U.S.
“Our biggest takeaway is that sharing economy companies are in their infancy in thinking about these issues and how to deal with government requests for data,” said EFF senior staff attorney Nate Cardozo, who helped develop this year’s report. “The more traditional Internet companies are much more mature, both in terms of their corporate structure and public policy teams. Uber has been forced in the last couple of years to really beef up its public policy team, but they’re kind of unique.”
Here’s the breakdown of the report’s findings on sharing economy services in the travel ecosystem:
|Requires warrant for user content||Requires warrant for prospective location||Issues a public transparency report||Issues public law enforcement guidelines||Tells users about government data demands||Stands up for user privacy in Congress|
The companies that haven’t complied with any of the EFF’s criteria either don’t receive many requests from the government for data or are simply pretending government data sharing issues don’t exist.
“It’s an ostrich problem; these companies would rather pretend the government isn’t coming to their doorstep every few minutes, and that it will go away,” said Cardozo. “Your industry is here, and it’s time to start behaving not like a seat-of-the-pants startup, but more like a responsible stakeholder.”
Finally, the report doesn’t include European companies for a reason.
“We only included American companies in our report because when we started digging in we realized companies outside the U.S. aren’t able legally to provide their customers with the same level of data protection American companies can,” said Cardozo. “European companies don’t have a way for a company to challenge a law enforcement request for data. Here, you can fight a subpoena or search warrant and oftentimes you win. European data protection is great for private party data sharing and almost non-existent for public sharing.”