Data in the On-Demand Economy – Privacy and Security in Government Data Mandates

If you want a luxury car to take you across town to impress a date, you can get it in five minutes. Need a repair done at your house urgently? There’s an app for that. Looking for a place to stay, but want something different than a hotel? Easy. And of course, if you are willing to give people a ride, repair a broken dishwasher, or make your guest room open to a stranger, you can easily make your service available. The “on-demand” economy is here, and there is unquestionable demand from both those seeking services and those wanting to provide services.

Today, innovative technology companies are entering into new areas of the economy – like travel, transit, utilities, and healthcare – introducing new players into industries that have historically been dominated by a few companies. These developments have been referred to as the sharing economy, gig economy, or, as in this paper, the on-demand economy.

Many of the sectors these companies are disrupting are often highly regulated, with detailed operating requirements, complex regulations at the state and local level, and extensive oversight by governmental agencies. For technology companies that have historically not operated in highly regulated areas, this presents a host of new challenges; for agencies, the difficulties in regulating companies that are not accustomed to this type of governance are equally striking.

This new instability has led to many proposals designed to update existing laws and regulations for technology service providers. These proposals frequently mirror the current requirements on companies to provide information to the government about operating procedures. However, because technology companies often have far more personally identifiable information (PII) on customers (including, for example, names, addresses, email addresses, IP addresses, location information, and financial information), all of which may be part of a single customer record, a mandate for companies to provide information to the government about operations could, if not narrowly crafted, result in massive transfers of sensitive customer data to the government.

While the government might need some categories of information about individuals for specific reasons, given the massive amount of data generated by on-demand technology companies, data transfers for broad purposes raise a host of privacy and security purposes. The Center for Democracy & Technology (CDT) believes in the need for regulations to both protect consumers and ensure compliance with the law by all companies operating in a specific market. However, such regulations need to be carefully drafted to collect only necessary consumer information for delineated purposes, and must prescribe security standards and retention limits for the data. This paper discusses both the policy concerns surrounding proposals geared toward on-demand technology companies, as well as provides recommendations for how to create regulations that promote governmental goals while preserving consumer privacy – and enabling ongoing innovation.


Resources

Download PDF

Share