Protecting Privacy and People Using Airbnb to Go on Vacation

Protecting Privacy and People Using Airbnb to Go on Vacation

Last month, Attorney General Schneiderman made waves when he subpoenaed data on 15,000 New York City-based users of Airbnb, the service best known for allowing people to rent out their spare bedrooms or their homes while on vacation. The Attorney General is seeking to identify local landlords that are using Airbnb’s service to regularly rent vacant apartments as illegal hotels without paying the appropriate taxes. Certainly, Mr. Schneiderman has an obligation to uphold the law, and he is within his rights to crack down on illegal hotels and tax evaders. He also has every right  to require the assistance of Airbnb in that pursuit, but the Attorney General should be mindful of the potential harms his overbroad subpoena may inflict both to Internet commerce and to individual liberty.

At the Future of Privacy Forum, we were surprised by the breadth of Mr. Schneiderman’s request for information. The demand isn’t just for the small number of users who might be abusing the system, but for information revealing the vacation habits of thousands of New Yorkers. The subpoena demands residents’ names and contact information, dates of guest stays, rates charged, and any communications between users and Airbnb about tax issues. That’s a lot of very personal information to be placing into government hands, particularly where, as here, there is no clear evidence of any user wrong-doing.

Airbnb has challenged the subpoena, arguing that it is overbroad and that the Attorney General is basically trying to begin an investigative “fishing expedition.” On Friday, the company received additional support from a number of technology organizations. The Internet Association filed an amicus brief in support of quashing the state’s subpoena. Its brief argues that innovation and technological disruption can place regulators on the defensive, collecting as much information as possible without coming to grips about the state of the law itself. CDT and EFF also filed a brief that highlights both the overreaching nature of the subpoena and the need for courts to carefully review government information requests about large numbers of Internet users.

We agree.  We don’t think that companies get a pass to avoid the law, just because they do business via the internet. But regulators need to understand that investigative efforts that target companies that hold user data need to be appropriately narrowed and targeted.  Wide grabs of consumer data by well-meaning regulators can have a serious impact on consumer privacy. Internet companies, ranging from Airbnb to giants like Google, rely on user trust to deliver their services.  Every day, we exchange copious amounts of personal data in exchange for services because we trust companies to protect our information. Part of that unspoken agreement is that user information will be reasonably protected from unwarranted government intrusions. In the past, when the federal government subpoenaed Amazon.com for information on the reading habits of its customers, the judge criticized the request as “Orwellian.” He wrote, “If word were to spread over the Net – and it would –  that the FBI and the IRS had demanded and received Amazon’s list of customers and their personal purchases, the chilling effect on expressive e-commerce would frost keyboards across America.”

In addition to undermining internet commerce, these types of data requests can also have a chilling effect on individual behavior. Already, people have removed their apartments from Airbnb’s listings for fear of having the Attorney General knock on their door. This hurts not only Airbnb, but also individuals looking for a temporary bed in New York City, a notoriously expensive destination. Of course, protective orders can be put in place to limit Mr. Schneiderman’s use of Airbnb’s data, but breaches and leaks happen and privacy risks remain.

If the Attorney General’s Office truly wants to capture the likely abusers of the Airbnb services, there are any number of categories of information it could seek from Airbnb that might more narrowly target New Yorkers running what are defacto illegal hotels. For example, individuals that use Airbnb as a part of their rental business can make tens of thousands of dollars per year. Mr. Schneiderman could seek information about users who have made more than a certain amount a year from renting their apartments. Or he could look at high-frequency users, subpoenaing information about users who have rented out their apartments an unusually large number of  times in the last year. These categories of information would help the Attorney General zero in on problematic users without invading the privacy of thousands of New Yorkers and chilling an innovative business model that benefits consumers.

Comments

Posted On
Nov 15, 2013
Posted By
Dan

Gotta say, usually I agree with you (privacy advocates) on these kinds of issues but I think even if it is a fishing expedition, it is totally warranted. I don’t claim to know the tax laws of NY but certainly in Ontario or Quebec any income made off this type of transaction is taxable income. I think it’s reasonable to assume that the vast majority of Airbnb users are failing to report it on their taxes and for this reason alone, this seems like reasonable information to request. In fact, I’m a little surprised that Airbnb isn’t already obligated to report it.

Thoughts?

Leave a Reply


Privacy Calendar

Sep
15
Mon
all-day Big Data: A Tool for Inclusion or Exclusion? @ Constitution Center
Big Data: A Tool for Inclusion o… @ Constitution Center
Sep 15 all-day
The Federal Trade Commission will host a public workshop entitled “Big Data: A Tool for Inclusion or Exclusion?” in Washington on September 15, 2014, to [...]
Sep
17
Wed
all-day IAPP Privacy Academy and CSA Congress 2014 @ San Jose Convention Center
IAPP Privacy Academy and CSA Con… @ San Jose Convention Center
Sep 17 – Sep 19 all-day
This fall, the International Association of Privacy Professionals (IAPP) and Cloud Security Alliance (CSA) are bringing together the IAPP Privacy Academy and the CSA Congress [...]
Oct
21
Tue
6:00 pm Consumer Action’s 43rd Annual Awards Reception @ Google
Consumer Action’s 43rd Annual Aw… @ Google
Oct 21 @ 6:00 pm – 8:00 pm
To mark its 43rd anniversary, Consumer Action’s Annual Awards Reception on October 21, 2014, will celebrate the theme of “Train the Trainer.” Through the power of [...]
Jan
28
Wed
all-day Data Privacy Day
Data Privacy Day
Jan 28 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The [...]
Jan
28
Thu
all-day Data Privacy Day
Data Privacy Day
Jan 28 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The [...]

View Calendar