A Note on Transparency: Government Requests for Data
By Uttara Sivaram, Global Privacy and Security Public Policy at Uber
Today, Uber is updating our Transparency Report on government requests for user data, which encompasses requests for the full year of 2018. Because we know that transparency is a crucial part of the trust our users place in us, we are continually looking for opportunities to make this report easier to read and understand, more insightful, and more meaningful to our community. Transparency isn’t just about publishing numbers — it’s also about sharing how we respond to requests for data in a lawful way and in a manner consistent with our values, as described in our Privacy Notice and Law Enforcement Guidelines.
Beginning with this report, we are moving from bi-annual (twice per year) reporting to annual reporting to align with our regulatory reporting obligations in key jurisdictions, make the data easier to understand, and support historical comparisons year-over-year. By producing one annual report, we can be more accurate about the full set of requests that government authorities submit throughout the year. We also expect this will make it easier to expand the report to encompass more geographies and different areas of our business in the future.
It’s important that this report continues to develop alongside trends we see in both the volume and variety of government requests for user data. Indeed, ours was the first transparency report for ridesharing to include requests from non-law enforcement entities. We felt this was important because of the large number of city, state, and national government agencies we interact with that oversee technology, transportation, safety, and other public policy areas. The scope of the regulatory portion of this report is limited to ridesharing in the U.S. and Canada due to the complexity and volume of bespoke legal and regulatory requirements to which we are subject. Here, consistency is key, and for each requirement, we work closely with the local authority to understand the legal basis for their request and determine which data is most useful and necessary, taking care to minimize the amount of information that could potentially identify or “impact” an individual. In many cases, authorities alter their requirements in recognition of the privacy risks their requests can create.
However, determining which data is sensitive or could be used to re-identify someone is not always straightforward, even when personal identifiers are removed. For example, there is a large body of research from academia, industry, and civil liberties groups showing precise location points can be associated with individuals when combined with publicly available information, like where someone lives or works — or merely “checks-in” on social media. Our report, therefore, counts any data requests that include both the pick-up and drop-off of individual trips as potentially identifying.
As techniques to re-identify individuals with this type of data become more sophisticated and accessible, sharing location data at the individual trip level presents a growing risk to the privacy of our users, and we continue to seek ways to produce the insights cities need without compromising privacy. As the Future of Privacy Forum suggests, one way of doing this is by sharing data that has been aggregated, e.g. by location (how many trips in City X?) and time (how many rides occurred during peak commuting hours?).
For the majority of policy objectives, sharing aggregated data is not only safer than sharing individual-level data, it can also be more useful. For example, if the city wants to measure the impact that a road closure or building plan may have on traffic patterns, it’s helpful to see how travel times were affected by similar events. If the city wants to ensure underserved areas have equitable access to services like Uber, they need to know the volume of trips starting or ending in those areas. As an example, see here for the analysis we did to measure access to bike share for communities in need in California and Texas. Thus, when we work with cities and regulators on understanding the built environment and how people move within it, we’re also talking to them about asking the right questions and using standardized metrics — and not simply transferring personal data from one entity to another.
Sometimes, we receive requests that might require more granular data. For example, we work hard to provide a rigorous but efficient process for law enforcement that are seeking to access information about individual users in the course of criminal investigations or emergencies. In these cases, our dedicated Law Enforcement Response Team, which is trained to manage these requests, ensures that any disclosure of information is consistent with our internal policies (U.S. and non-U.S.) and applicable law. Safety is a top priority for us and we remain committed to working with public officials — and this effort underscores the importance of protecting personal data relating to the safety of individuals.
Our responsibility to preserve consumer privacy while meeting regulatory and public safety obligations will become increasingly complex as we field a growing number of government requests for data every year. Part of this increase can be attributed to the growth of our business in new markets, but this expansion has also been accompanied by a rising interest from governments to access data about people and their behavior. We deeply believe in the promise of effective data science to enable today’s connected cities and streets, but we must work together to build solutions that don’t compromise the privacy of individuals. Transparency is only the first step, but it’s a vital one, and we hope this report stimulates a much-needed conversation in more sectors about how to build privacy protections that travel with your data, no matter the journey or destination.