Business Information System (MBA650)

Student Information

Name and surname Tishana Indraney Narine

Delivery date December 4, 2022

Activity: Ethical and regulatory aspects related to Business

Intelligence

1 ABOUT AIR BNB, UBER AND ETSY

Air BnB, Uber and Etsy are online two-sided platforms and are known as three of the
fastest start up internet businesses in existence. These marketplaces sought to match
suppliers of assets for tent or purchases with customer demands for them. Airbnb
matches customers with apartment, rooms or houses as short-term rentals; Uber
matches private car drivers with riders similar to a taxi; and Etsy matches buyers with
sellers of customized hand-crafted products.

2 PROBLEM STATEMENT

This assignment analyzes the aspects related to the ethical and regulatory aspects related
to the massive analysis of personal data.

Technology companies such as Google and Facebook have had to face various sanctions
in the European Union for failing to comply with regulations related to data protection
Considering these regulations in the case of the companies Airbnb, Etsy and Uber, this
assignment describes what are the basic principles that they must comply with when
processing personal data of their users. This assignment also identifies the risks derived
© MIU City University Miami

from misuse by these companies of Business Intelligence tools, which may affect
personal data and the rights of their users.

Activities 1
 Business Information System (MBA650)

3 TYPES OF DATA ACQUIRED BY AIRBNB, ETSY AND UBER

3.1 Air BnB

Airbnb stores both personal data and third-party data from and about its customers.
Delving into the sales and marketing database of Airbnb, the data stored ranges
from the customer’s preference of accommodation, customers’ well-being / health
and customer’s payment details. In the context of customer’s preference of
accommodation, Airbnb stores information such as customer’s trip destination, guest
origin, guest acquisition channel whether they are aware of Airbnb promotion through
organic/marketing campaign, number of guests, trip length, the preferred costs per
night, month of checkout, type of room, previous booking from the customers and
feedback from customers. All this information is crucial for sales and marketing
department of Airbnb to provide a better service to their customers; working on
improvements of services, going for diversification and ensuring customers have the
best experiences throughout their stay wherein they will be engaged in brand loyalty of
Airbnb. Likewise, Airbnb also stores information of customers’ well-being such as their
health status during COVID-19. This is to ensure Airbnb could provide a supportive
environment for the customers, specifically for those who requires quarantine. Airbnb
could also ensure the safety of the properties as not to endanger the lives of existing
guests or neighborhood during the disease outbreak. Not only that, Airbnb also studies
the personalization of their customers such as their hobbies, job/occupation and
entertainment preference to give them experiences. In particular, after storing this
information, Airbnb are able to provide magazines, career guides and entertainment
news on its website as to cater the needs of the customers in which it serves as an
entertainment/ education platform. This could attract customers to visit its website to
book an accommodation. Finally, Airbnb also stores customer’s payment details. This is
© MIU City University Miami

one of the strategies to provide convenience for customer as they do not need to key
in their payment details on their website each time they want to pay for their booking.

Activities 2
 Business Information System (MBA650)

3.2 Uber

According to Uber (n.d.), depending on how one uses the Uber platform, the contents
of the data collected are as follows:

3.2.1 Account data (Personal Data)

• Your name, email address, mobile number, rating(s), and the date you signed up
with Uber
• Referral code(s) issued by Uber
• Payment method information such as the date you created and updated a
payment method, the issuing bank’s name, billing country, and payment method
type (Visa, debit, etc.)
• Metadata about support conversations with Uber
• Communications sent between driver and rider or between delivery person and
customer

3.2.2 Rider data (Personal Data)

Your rider data includes information used to get you to your destination, such as:
• Times and locations at which a trip was requested, started, and ended, as well as
distance traveled
• Trip prices and currency
• 30 days of mobile event data, such as device OS, device model, device language,
app version, and the time and location the data was collected

3.2.3 Uber Eats data (Personal Information)

Your Uber Eats data includes order history details like:

• Merchant names, items ordered, prices, and the time you placed your order
© MIU City University Miami

• Customizations or special instructions

• 30 days of mobile event data, such as device OS, device model, device language,
app version, and the time and location the data was collected

3.3 Etsy

According to Etsy (2022), the following information is collected:

Activities 3
 Business Information System (MBA650)

3.3.1 Profile (Personal Data)

You may provide your name and other personal information (such as birthday, gender,
location) in connection with your account and activity. You can edit or remove this
information through your account settings. The name associated with your account
(which you may modify in your account settings) is publicly displayed and connected
to your Etsy activity. Other members may see the date you joined; ratings, reviews
(including your display name, city and/or country) and information relating to items
you review, and related photos for items you purchased or sold; your profile
information; items you listed for sale; your shop pages and policies; your Favorites and
Collections (your saved product listings that are grouped by you), followers, and those
you follow; sold item listings and the number of items sold; comments you post in our
community spaces; and information you decide to share via social networks (Etsy,
2022).

3.3.2 Automated Information

Etsy automatically receives and records information from your browser or your mobile
device when you visit the Site, use the Apps, or use certain features of the Services,
such as your IP address or unique device identifier, cookies, and data about which
pages you visit and how you interact with those pages in order to allow us to operate
and provide the Services.

3.3.3 Data from Etsy Vendors and Suppliers (Third party Data)

We also receive information from our vendors and suppliers about you. This
information can include customer service interactions, payments information,
© MIU City University Miami

shipping information, and information shared in Etsy’s forums.

Based on the information on the information collected by Air BnB, Etsy and Uber, it can
be noted that some of the information are inputted by us, and others such as cookies
and IP addressed are automatically collected. Usually we do not place much focus on the
automatically collected information, however, this data can be misused if we are not
protected by a data protection act which will be explored in the next section.

Activities 4
 Business Information System (MBA650)

4 PRINCIPLES OF GENERAL DATA PROTECTION ACT

For many online based businesses, taking their business international is essential for
growth, however, this will entail getting past a major roadblock which is to comply with
the General Data Protection Regulation or GDPR, one of the most stringent data
protection laws in the world today (Accountable , 2021).

Accountable (2021) further elaborated on seven (7) principles of which the GDPR
mandates:

PRINCIPLE OF WHAT IT MEANS HOW HAS AIRBNB, GDPR COMPLIANCE BASED

THE GDPR (Accountable , 2021) ETSY AND OR UBER ON MY RESEARCH
COMPLY WITH IT YES NO

Lawfulness, The intended use of data Air BnB, ETSY and

needs to be disclosed clearly
Fairness and
and efficiently in a way that
Transparency allows the data subject to
understand exactly how
their information is being
collected and processed.
Uber have privacy
policies stated on
their websites.
These privacy ✓
policies clearly
disclose how and
why information is
being processed.

Purpose Data must be collected for The purpose for X

specified, explicit and collection of each of
Limitation
legitimate purposes and not the type of
further processed in a information for
manner that is these three
incompatible with those companies is not
purposes. specific.

Data Data must be adequate, Data is minimized to X

relevant, and limited to
Minimization a level but some
what is necessary in relation
to the purposes for which information
they are processed. In short,
collected may not be
the company or individual
should identify the fully relevant to the
© MIU City University Miami

minimum amount of
nature of the
personal data needed to
fulfil their purpose and no service.
more.

Accuracy Data must be accurate and, Data is up to date. ✓

where necessary, kept up
to date.

Activities 5
 Business Information System (MBA650)

Storage Data must be kept in a form The form of storage X

which permits identification is a grey area of all
Limitation
of subjects for no longer three companies.
than is necessary for the
purposes for which the
personal data are
processed.

Integrity and Data must be processed The integrity and X

using appropriate technical
Confidentiality
or organizational measures
to ensure appropriate
security, including
protection against
unauthorized or unlawful
processing and accidental
loss, destruction or damage.
Accountability Anyone who is handling
data needs to be properly
trained and fully aware of
exactly what GDPR
compliance means.
confidentiality of
what each company
does with the
information is
questionable as it is
common for third
party agents to get
personal
information granted
to these companies.
Each company ✓
appears to take
accountability for
data privacy.

5 RISKS FROM MISUSE OF BUSINESS INTELLIGENCE TOOLS

Processing and analyzing large volumes of data with BI tools open up organizations to
several BI security risks. Understanding and managing these vulnerabilities is an essential
part of keeping your data secure (Smallcombe, 2021)

Risks with the Main challenges Solutions

misuse of BI Tools

Analytics Software The system may ingest sensitive data that Data masking: Remove sensitive
is subject to regulatory compliance, which data before it reaches the BI
Processes Tons of
can lead to fines and other penalties. solution with data masking.
Data Quickly

Dependent on the When you work with cloud services, you Audit and conduct background
rely on the provider to handle essential checks on third party providers.
Security of Third-
© MIU City University Miami

security measures. If they don’t place

Party Providers for security as a priority, lack a security-
centric culture, or have risky policies and
Cloud-Based BI Tools
procedures, your data could be in trouble.
Cloud Security Your data also faces a BI security risk Data encryption: install a SSL/TLS
when it’s on its way to the BI tool if you’re encryption which supports field-
Vulnerabilities when
not using an on-premises solution. level encryption with AWS Key
Moving Data from Cyberattacks could compromise the data Management Service. This Keeps
in several ways, resulting in data
Your Systems and

Activities 6
 Business Information System (MBA650)

Sources to the BI breaches, data loss, and other serious your data privacy intact while
consequences. using BI tools.
Tool

Lack of Data Source If these databases, platforms, and devices Install a firewall and limit
lack protection, then an attacker could authorized access.
Security
steal, delete and alter data. They could
also use this foothold to perform other
damaging actions on your systems. For
example, the Internet of Things (IOT)
offers many types of sensors for data
collection, but some of these devices have
limited or no security at all.

6 REFERENCES

▪ Accountable . (31 de August de 2021). Seven Principles of the GDPR. Obtenido de

Accountable : https://www.accountablehq.com/post/principles-of-the-gdpr

▪ AirBnB. (10 de February de 2022). Privacy Policy. Obtenido de AirBnB:

https://www.airbnb.gy/help/article/3175

▪ Etsy. (22 de September de 2022). Privacy Policy. Obtenido de Etsy:

https://www.etsy.com/legal/privacy/#:~:text=This%20information%20can%20includ
e%20customer,and%20marketing%20partners%20about%20you.

▪ Smallcombe, M. (13 de May de 2021). Why Business Intelligence is a Security Risk.

Obtenido de Integrate IO: https://www.integrate.io/blog/business-intelligence-is-a-
security-
risk/#:~:text=Your%20data%20also%20faces%20a,loss%2C%20and%20other%20seri
ous%20consequences.

▪ Uber . (13 de October de 2022). Uber Privacy Notice . Obtenido de Uber :

https://www.uber.com/legal/en/document/?country=united-
states&lang=en&name=privacy-notice
© MIU City University Miami

▪ Uber. (s.f.). What's in your Uber data download? Obtenido de Uber:

https://help.uber.com/ubereats/restaurants/article/whats-in-your-uber-data-
download?nodeId=1a6b5981-3a7b-4fd8-a112-7566116ed955

Activities 7
 Business Information System (MBA650)

▪ Yellow Fin. (s.f.). Top 10 Business Intelligence risks (and their solutions) (Part One).
Obtenido de Yellow Fin: https://www.yellowfinbi.com/blog/top-10-business-
intelligence-risks-and-their-solutions-part-one
© MIU City University Miami

Activities 8