What Sharing Economy Companies (and their In-House Counsel) Need to Know about Personal Data & Privacy

Topics: Celesq, Corporate Legal, Cybersecurity, Data Analytics, Law Firms, Legal Innovation, Midsize Law Firms Blog Posts

PMI

Companies in the sharing economy — such as Uber, Lyft, AirBnB, TaskRabbit and many others — are credited with lowering barriers to economic participation for millions of people, allowing them to share their cars, homes, skills and assets with others. Of course, these companies are also gaining access to massive amounts of private personal data provided by their site users, including driving records, financial information and criminal history.

While many of these companies are established brands with strong internal systems to collect and store this data according to regulations, many others are start-ups that may not have the experience or the bandwidth to properly handle all this sensitive material.

On April 21, Daniel T. Rockey, a partner in the San Francisco office of Bryan Cave LLP, will host a web cast,What In-House Counsel Need to Know about Data Privacy in the Sharing Economy”, that will focus on some of the key privacy issues facing sharing economy companies and strategies for how their in-house counsel can reduce the legal risks involved.

Legal Executive Institute recently spoke to Rockey about these issues and how in-house counsel at sharing economy companies can best address them.

Legal Executive Institute: In regards to data collection and storage, what do sharing economy companies face?

Daniel Rockey: While, in some ways sharing economy companies are like any other company that has a variety of data privacy issues, there are some unique aspects that would be of interest to in-house counsel. For example, in order to thrive, sharing economy companies must establish trust among their users. Not only do these companies have to do a lot of up-front collecting of information, but there are also privacy issues in terms of the use of that information.

Because of the nature of their businesses, I think these companies need to focus very carefully about what data they are going to collect, how the company is going to use that information, what can they share and what they can’t.

Legal Executive Institute: It sounds like pre-planning is key. What other issues do the legal departments of these companies need to keep in mind?

Daniel Rockey: You’re also going to want to have rules on what kinds of information you will provide when requested. For example, a lot of these are frequent targets for law enforcement subpoena. If law enforcement is doing an investigation and know that an individual drives for Uber, for example, they may subpoena for a record of any ride that is given on a certain day or days.


“Because of the nature of their businesses, I think these companies need to focus very carefully about what data they are going to collect, how the company is going to use that information, what can they share and what they can’t.”


A company is also going to have think about and establish a policies for what they are willing to share and under what circumstances. How long should companies retain this data? Some data they’ll have to keep on file forever. There’re a whole host of things that in-house counsel need to do to really think through these issues very carefully.

Legal Executive Institute: What about other uses for this data that the company may consider?

Daniel Rockey: That will be company-specific in terms of how valuable that data is for other purposes and how the company is going to use it. I think all that goes back to the privacy policy: If you’re going to use data analytics, you’re going to want to disclose that to your users. If you’re going to share data with third parties who are going to help you analyze it, you want to make clear disclosures about that in your privacy policy.

Legal Executive Institute: What do you hope attendees learn from this webinar?

Daniel Rockey: I think the main takeaway is that the legal departments of sharing economy companies need to focus on building-in privacy by design. They need to start from a good framework and a good privacy policy, and they need to obviously appreciate that they’re going to be collecting massive amounts of data on an ongoing basis. They need to make sure that they prepare properly.

In-house counsel will also want to make sure that the business side of the company is aware of these issues, and is integrated and working in cooperation with the legal department. That way, when a big business initiative is launched everyone can be sure that the company is considering the impact on user privacy.