In a troubling incident, Anvi Ahuja, a Toronto resident, was left bewildered. She received a text message containing a transcript of a conversation she had with her roommates during a Lyft ride. The message, which appeared shortly after she arrived at her downtown apartment on March 11, came from an unknown number. To Ahuja’s surprise, the text was a verbatim account of her conversation. This raised significant privacy concerns about the company’s data handling practices.
“I was like ‘who is tapping me?” Ahuja said. “The driver didn’t inform us that we could be recorded.” After receiving the text, Ahuja tried to reach the sender, only to be greeted by a standard automated message saying, “We can’t connect your call because your driver is not available right now.”
Confused and concerned, Ahuja immediately contacted Lyft. Initially, she was told by a representative that the incident was part of a new pilot program. However, after further investigation, Lyft clarified that the incident was not related to this pilot. Instead, it resulted from an accidental phone interaction. The company’s response was that “proper actions” were taken against the driver who allegedly recorded her without her consent.
Ahuja expressed her discomfort, pointing out the lack of transparency in such situations. “These ride-sharing apps are big companies and people have a lot of sensitive conversations within cabs and they feel like they’re secure,” she said. “To know that nothing — even beyond our app experience — in the real world is secure anymore is really freaky and uncomfortable to me.”
Lyft’s Response and Investigation
Lyft has since acknowledged the incident, but offered different explanations. Initially, the company confirmed that it is running an audio recording pilot program in select U.S. cities. The program is designed to help resolve security issues by recording and transcribing ride conversations. However, Lyft emphasized that the Canadian incident was not part of this program.
In an updated statement, Lyft offered a possible reason for the mishap. It explained that the text could have been sent due to “an accidental phone activity between the driver’s and rider’s phones.” This occurred via masked numbers. Lyft suggested that a “pocket dial” might have occurred. Alternatively, an accidental recording could have caused the transcript to be sent to Ahuja’s phone.
Privacy and Consent Concerns in Canada
The incident raises critical questions about privacy laws, particularly in Canada. Under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), businesses like Lyft must obtain informed consent from customers. This consent is required before collecting, using, or sharing their personal information. Anaïs Bussières McNicoll, interim director of the privacy, technology, and surveillance program at the Canadian Civil Liberties Association, emphasized the need for clear communication with customers. She also stressed the importance of informing them about data collection practices.
“Passengers not only have to be notified that they’re being recorded, they also need to be told for what specific purpose they’re being recorded,” McNicoll explained. “They would definitely need to obtain passengers’ meaningful consent, informed consent, and that includes being specific about how the data is going to be collected, how it’s going to be used, how long it’s going to be retained, how it’s going to be destroyed.”
Ahuja’s experience has sparked broader concerns about privacy in the ride-sharing industry. “Some sort of recording software was used in the car — that in itself is a breach of my privacy,” she said. “Even if I’m one of the very few people that experienced this, I’m still concerned about what happens to our data and our privacy — which is a responsibility that Lyft has to its customers.”
