Protecting Privacy and People Using Airbnb to Go on Vacation

Protecting Privacy and People Using Airbnb to Go on Vacation

Last month, Attorney General Schneiderman made waves when he subpoenaed data on 15,000 New York City-based users of Airbnb, the service best known for allowing people to rent out their spare bedrooms or their homes while on vacation. The Attorney General is seeking to identify local landlords that are using Airbnb’s service to regularly rent vacant apartments as illegal hotels without paying the appropriate taxes. Certainly, Mr. Schneiderman has an obligation to uphold the law, and he is within his rights to crack down on illegal hotels and tax evaders. He also has every right  to require the assistance of Airbnb in that pursuit, but the Attorney General should be mindful of the potential harms his overbroad subpoena may inflict both to Internet commerce and to individual liberty.

At the Future of Privacy Forum, we were surprised by the breadth of Mr. Schneiderman’s request for information. The demand isn’t just for the small number of users who might be abusing the system, but for information revealing the vacation habits of thousands of New Yorkers. The subpoena demands residents’ names and contact information, dates of guest stays, rates charged, and any communications between users and Airbnb about tax issues. That’s a lot of very personal information to be placing into government hands, particularly where, as here, there is no clear evidence of any user wrong-doing.

Airbnb has challenged the subpoena, arguing that it is overbroad and that the Attorney General is basically trying to begin an investigative “fishing expedition.” On Friday, the company received additional support from a number of technology organizations. The Internet Association filed an amicus brief in support of quashing the state’s subpoena. Its brief argues that innovation and technological disruption can place regulators on the defensive, collecting as much information as possible without coming to grips about the state of the law itself. CDT and EFF also filed a brief that highlights both the overreaching nature of the subpoena and the need for courts to carefully review government information requests about large numbers of Internet users.

We agree.  We don’t think that companies get a pass to avoid the law, just because they do business via the internet. But regulators need to understand that investigative efforts that target companies that hold user data need to be appropriately narrowed and targeted.  Wide grabs of consumer data by well-meaning regulators can have a serious impact on consumer privacy. Internet companies, ranging from Airbnb to giants like Google, rely on user trust to deliver their services.  Every day, we exchange copious amounts of personal data in exchange for services because we trust companies to protect our information. Part of that unspoken agreement is that user information will be reasonably protected from unwarranted government intrusions. In the past, when the federal government subpoenaed for information on the reading habits of its customers, the judge criticized the request as “Orwellian.” He wrote, “If word were to spread over the Net – and it would –  that the FBI and the IRS had demanded and received Amazon’s list of customers and their personal purchases, the chilling effect on expressive e-commerce would frost keyboards across America.”

In addition to undermining internet commerce, these types of data requests can also have a chilling effect on individual behavior. Already, people have removed their apartments from Airbnb’s listings for fear of having the Attorney General knock on their door. This hurts not only Airbnb, but also individuals looking for a temporary bed in New York City, a notoriously expensive destination. Of course, protective orders can be put in place to limit Mr. Schneiderman’s use of Airbnb’s data, but breaches and leaks happen and privacy risks remain.

If the Attorney General’s Office truly wants to capture the likely abusers of the Airbnb services, there are any number of categories of information it could seek from Airbnb that might more narrowly target New Yorkers running what are defacto illegal hotels. For example, individuals that use Airbnb as a part of their rental business can make tens of thousands of dollars per year. Mr. Schneiderman could seek information about users who have made more than a certain amount a year from renting their apartments. Or he could look at high-frequency users, subpoenaing information about users who have rented out their apartments an unusually large number of  times in the last year. These categories of information would help the Attorney General zero in on problematic users without invading the privacy of thousands of New Yorkers and chilling an innovative business model that benefits consumers.


Posted On
Nov 15, 2013
Posted By

Gotta say, usually I agree with you (privacy advocates) on these kinds of issues but I think even if it is a fishing expedition, it is totally warranted. I don’t claim to know the tax laws of NY but certainly in Ontario or Quebec any income made off this type of transaction is taxable income. I think it’s reasonable to assume that the vast majority of Airbnb users are failing to report it on their taxes and for this reason alone, this seems like reasonable information to request. In fact, I’m a little surprised that Airbnb isn’t already obligated to report it.


Leave a Reply

Privacy Calendar

all-day Global Privacy Summit 2015
Global Privacy Summit 2015
Mar 4 – Mar 6 all-day
For more information, click here.
6:00 pm CDT Annual Dinner “TechProm” 2015
CDT Annual Dinner “TechProm” 2015
Mar 10 @ 6:00 pm – 9:00 pm
Featuring the most influential minds of the tech policy world, CDT’s annual dinner, TechProm, highlights the issues your organization will be facing in the future and provides the networking opportunities that can help you tackle[...]
all-day BCLT Privacy Law Forum
BCLT Privacy Law Forum
Mar 13 all-day
This program will feature leading academics and practitioners discussing the latest developments in privacy law. UC Berkeley Law faculty and conference panelists will discuss cutting-edge scholarship and explore ‘real world’ privacy law problems. Click here[...]
all-day PL&B’s Asia-Pacific Roundtable (...
PL&B’s Asia-Pacific Roundtable (...
May 27 all-day
PROFESSOR GRAHAM GREENLEAF, Asia-Pacific Editor, Privacy Laws & Business International Report, will lead a roundtable on the countries of most interest to business in the Asia-Pacific region. Click here for more information.
all-day PL&B’s 28th Annual International...
PL&B’s 28th Annual International...
Jul 6 – Jul 8 all-day
The Privacy Laws & Business 27th Annual International Conference featured more than 40 speakers and chairs from many countries over 3 intensive days. At the world’s longest running independent international privacy event participants gained professionally by[...]
all-day Data Privacy Day
Data Privacy Day
Jan 28 – Jan 29 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]
all-day Data Privacy Day
Data Privacy Day
Jan 28 – Jan 29 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]

View Calendar