Lyft investigates privacy abuse claim Dave Lee

North America technology reporter Published duration 26 January 2018

image copyright Reuters

Ride-sharing company Lyft, seen as Uber's biggest rival, is investigating an anonymous claim that employees were abusing customer's private data.

The allegations, posted online, suggested that employees looked at trip data of former romantic partners, or tracked famous users such as Facebook founder Mark Zuckerberg.

Lyft said it was investigating but said it had not received any specific complaints.

The story was first reported by technology news site The Information

It reported that a person claiming to have worked for Lyft used anonymous app Blind to post the allegations. There is no verification process for posting on Blind, leaving wide open the possibility that the complaint, and its supposed source, is bogus.

Regardless, Lyft said it would look into the claims which suggested employees could "check to see if their significant other actually went where they said, and stalk attractive people they've met".

'Trust of passengers'

In a statement, Lyft defended its data security measures.

"Maintaining the trust of passengers and drivers is fundamental to Lyft," spokeswoman Alexandra LaManna said in an email.

"The specific allegations in this post would be a violation of Lyft's policies and a cause for termination, and have not been raised with our legal or executive teams."

image copyright Reuters image caption The anonymous claim suggested Lyft employees tracked Mark Zuckerberg's journey

Controversy over the data collection of ride-sharing companies, and who within the firms can access it, has been under scrutiny before.

Uber will be subjected to privacy audits for the next 19 years after it was discovered its God View allowed Uber employees to track intricate details about customers' journeys.

Lyft's equivalent customer records system did not offer map-based, real-tin tracking of journeys, and access to the information within the company was limited, Lyft said.

"Access to data is restricted to certain teams that need it to do their jobs. For those teams, each query is logged and attributed to a specific individual," the company said.

"We require employees to be trained in our data privacy practices and responsible use policy, which categorically prohibit accessing and using customer data for reasons other than those required by their specific role at the company.

"Employees are required to sign confidentiality and responsible use agreements that bar them from accessing, using, or disclosing customer data outside the confines of their job responsibilities," it added.