Business Information System (MBA650)

Student Information

Name and surname Tishana Indraney Narine

Delivery date December 4, 2022

Activity: Ethical and regulatory aspects related to Business

Intelligence

1 ABOUT AIR BNB, UBER AND ETSY

Air BnB, Uber and Etsy are online two-sided platforms and are known as three of the
fastest start up internet businesses in existence. These marketplaces sought to match
suppliers of assets for tent or purchases with customer demands for them. Airbnb
matches customers with apartment, rooms or houses as short-term rentals; Uber
matches private car drivers with riders similar to a taxi; and Etsy matches buyers with
sellers of customized hand-crafted products.

2 PROBLEM STATEMENT

This assignment analyzes the aspects related to the ethical and regulatory aspects
related to the massive analysis of personal data.

Technology companies such as Google and Facebook have had to face various sanctions
in the European Union for failing to comply with regulations related to data protection
Considering these regulations in the case of the companies Airbnb, Etsy and Uber, this
assignment describes what are the basic principles that they must comply with when
processing personal data of their users. This assignment also identifies the risks derived
© MIUfrom
City University
misuse byMiami
these companies of Business Intelligence tools, which may affect
personal data and the rights of their users.

Activities 1
 Business Information System (MBA650)

3 TYPES OF DATA ACQUIRED BY AIRBNB, ETSY AND UBER

3.1 Air BnB

Airbnb stores both personal data and third-party data from and about its customers.
Delving into the sales and marketing database of Airbnb, the data stored ranges
from the customer’s preference of accommodation, customers’ well-being /
health and customer’s payment details. In the context of customer’s preference of
accommodation, Airbnb stores information such as customer’s trip destination, guest
origin, guest acquisition channel whether they are aware of Airbnb promotion
through organic/marketing campaign, number of guests, trip length, the preferred
costs per night, month of checkout, type of room, previous booking from the
customers and feedback from customers. All this information is crucial for sales and
marketing department of Airbnb to provide a better service to their customers;
working on improvements of services, going for diversification and ensuring
customers have the best experiences throughout their stay wherein they will be
engaged in brand loyalty of Airbnb. Likewise, Airbnb also stores information of
customers’ well-being such as their health status during COVID-19. This is to ensure
Airbnb could provide a supportive environment for the customers, specifically for
those who requires quarantine. Airbnb could also ensure the safety of the
properties as not to endanger the lives of existing guests or neighborhood during the
disease outbreak. Not only that, Airbnb also studies the personalization of their
customers such as their hobbies, job/occupation and entertainment preference to
give them experiences. In particular, after storing this information, Airbnb are
able to provide magazines, career guides and entertainment news on its website as
to cater the needs of the customers in which it serves as an entertainment/ education
platform. This could attract customers to visit its website to book an accommodation.
© MIU City University
Finally, AirbnbMiami
also stores customer’s payment details. This is one of the strategies to
provide convenience for customer as they do not need to key in their payment details
on their website each time they want to pay for their booking.

Activities 2
 Business Information System (MBA650)

3.2 Uber

According to Uber (n.d.), depending on how one uses the Uber platform, the contents
of the data collected are as follows:

3.2.1 Account data (Personal Data)

 Your name, email address, mobile number, rating(s), and the date you signed up
with Uber
 Referral code(s) issued by Uber
 Payment method information such as the date you created and updated a
payment method, the issuing bank’s name, billing country, and payment method
type (Visa, debit, etc.)
 Metadata about support conversations with Uber
 Communications sent between driver and rider or between delivery person and
customer

3.2.2 Rider data (Personal Data)

Your rider data includes information used to get you to your destination, such as:
 Times and locations at which a trip was requested, started, and ended, as well as
distance traveled
 Trip prices and currency
 30 days of mobile event data, such as device OS, device model, device language,
app version, and the time and location the data was collected

3.2.3 Uber Eats data (Personal Information)

Your Uber Eats data includes order history details like:

MerchantMiami
 University
© MIU City names, items ordered, prices, and the time you placed your order
 Customizations or special instructions
 30 days of mobile event data, such as device OS, device model, device language,
app version, and the time and location the data was collected

3.3 Etsy

Activities 3
 Business Information System (MBA650)

According to Etsy (2022), the following information is collected:

3.3.1 Profile (Personal Data)

You may provide your name and other personal information (such as birthday,
gender, location) in connection with your account and activity. You can edit or
remove this information through your account settings. The name associated with
your account (which you may modify in your account settings) is publicly displayed
and connected to your Etsy activity. Other members may see the date you joined;
ratings, reviews (including your display name, city and/or country) and information
relating to items you review, and related photos for items you purchased or sold;
your profile information; items you listed for sale; your shop pages and policies; your
Favorites and Collections (your saved product listings that are grouped by you),
followers, and those you follow; sold item listings and the number of items sold;
comments you post in our community spaces; and information you decide to share
via social networks (Etsy, 2022).

3.3.2 Automated Information

Etsy automatically receives and records information from your browser or your
mobile device when you visit the Site, use the Apps, or use certain features of the
Services, such as your IP address or unique device identifier, cookies, and data about
which pages you visit and how you interact with those pages in order to allow us to
operate and provide the Services.

3.3.3 Data from Etsy Vendors and Suppliers (Third party Data)

We also receive information from our vendors and suppliers about you. This
information
© MIU City can include customer service interactions, payments information,
University Miami
shipping information, and information shared in Etsy’s forums.

Based on the information on the information collected by Air BnB, Etsy and Uber, it can
be noted that some of the information are inputted by us, and others such as cookies
and IP addressed are automatically collected. Usually we do not place much focus on

Activities 4
 Business Information System (MBA650)

the automatically collected information, however, this data can be misused if we are
not protected by a data protection act which will be explored in the next section.

4 PRINCIPLES OF GENERAL DATA PROTECTION ACT

For many online based businesses, taking their business international is essential for
growth, however, this will entail getting past a major roadblock which is to comply with
the General Data Protection Regulation or GDPR, one of the most stringent data
protection laws in the world today (Accountable , 2021).

Accountable (2021) further elaborated on seven (7) principles of which the GDPR
mandates:

PRINCIPLE OF WHAT IT MEANS HOW HAS AIRBNB, GDPR COMPLIANCE BASED

THE GDPR (Accountable , 2021) ETSY AND OR UBER ON MY RESEARCH
COMPLY WITH IT YES NO

Lawfulness, The intended use of data Air BnB, ETSY and

needs to be disclosed Uber have privacy
Fairness and
clearly and efficiently in a policies stated on
Transparency way that allows the data their websites.
subject to understand These privacy 
exactly how their policies clearly
information is being disclose how and
collected and processed. why information is
being processed.

Purpose Data must be collected for The purpose for X

specified, explicit and collection of each of
Limitation
legitimate purposes and not the type of
further processed in a information for
manner that is these three
incompatible with those companies is not
purposes. specific.

Data Data must be adequate, Data is minimized to X

relevant, and limited to
Minimization a level but some
© MIU City University Miami
what is necessary in
relation to the purposes for information
which they are processed.
collected may not be
In short, the company or
individual should identify fully relevant to the
the minimum amount of
nature of the
personal data needed to
fulfil their purpose and no service.
more.

Activities 5
 Business Information System (MBA650)

Accuracy Data must be accurate and, Data is up to date. 

where necessary, kept up
to date.

Storage Data must be kept in a form The form of storage X

which permits identification is a grey area of all
Limitation
of subjects for no longer three companies.
than is necessary for the
purposes for which the
personal data are
processed.

Integrity and Data must be processed The integrity and X

using appropriate technical confidentiality of
Confidentiality
or organizational measures what each company
to ensure appropriate does with the
security, including information is
protection against questionable as it is
unauthorized or unlawful common for third
processing and accidental party agents to get
loss, destruction or personal
damage. information granted
to these companies.

Accountability Anyone who is handling Each company 

data needs to be properly appears to take
trained and fully aware of accountability for
exactly what GDPR data privacy.
compliance means.

5 RISKS FROM MISUSE OF BUSINESS INTELLIGENCE TOOLS

Processing and analyzing large volumes of data with BI tools open up organizations to
several BI security risks. Understanding and managing these vulnerabilities is an
essential part of keeping your data secure (Smallcombe, 2021)

Risks with the Main challenges Solutions

misuse of BI Tools

Analytics Software The system may ingest sensitive data that Data masking: Remove sensitive
© MIU City University Miami
is subject to regulatory compliance, which data before it reaches the BI
Processes Tons of
can lead to fines and other penalties. solution with data masking.
Data Quickly

Dependent on the When you work with cloud services, you Audit and conduct background
rely on the provider to handle essential checks on third party providers.
Security of Third-
security measures. If they don’t place
Party Providers for security as a priority, lack a security-
centric culture, or have risky policies and
procedures, your data could be in trouble.

Activities 6
 Business Information System (MBA650)

Cloud-Based BI Tools

Cloud Security Your data also faces a BI security risk Data encryption: install a SSL/TLS
when it’s on its way to the BI tool if you’re encryption which supports field-
Vulnerabilities when
not using an on-premises solution. level encryption with AWS Key
Moving Data from Cyberattacks could compromise the data Management Service. This Keeps
in several ways, resulting in data your data privacy intact while
Your Systems and
breaches, data loss, and other serious using BI tools.
Sources to the BI consequences.
Tool

Lack of Data Source If these databases, platforms, and devices Install a firewall and limit
lack protection, then an attacker could authorized access.
Security
steal, delete and alter data. They could
also use this foothold to perform other
damaging actions on your systems. For
example, the Internet of Things (IOT)
offers many types of sensors for data
collection, but some of these devices have
limited or no security at all.

6 REFERENCES

 Accountable . (31 de August de 2021). Seven Principles of the GDPR. Obtenido de

Accountable : https://www.accountablehq.com/post/principles-of-the-gdpr

 AirBnB. (10 de February de 2022). Privacy Policy. Obtenido de AirBnB:

https://www.airbnb.gy/help/article/3175

 Etsy. (22 de September de 2022). Privacy Policy. Obtenido de Etsy:

https://www.etsy.com/legal/privacy/#:~:text=This%20information%20can
%20include%20customer,and%20marketing%20partners%20about%20you.

 Smallcombe, M. (13 de May de 2021). Why Business Intelligence is a Security Risk.

Obtenido de Integrate IO: https://www.integrate.io/blog/business-intelligence-is-a-
security-risk/#:~:text=Your%20data%20also%20faces%20a,loss%2C%20and%20other
%20serious%20consequences.
© MIU City University Miami
 Uber . (13 de October de 2022). Uber Privacy Notice . Obtenido de Uber :
https://www.uber.com/legal/en/document/?country=united-
states&lang=en&name=privacy-notice

 Uber. (s.f.). What's in your Uber data download? Obtenido de Uber:

https://help.uber.com/ubereats/restaurants/article/whats-in-your-uber-data-

Activities 7
 Business Information System (MBA650)

download?nodeId=1a6b5981-3a7b-4fd8-a112-7566116ed955

 Yellow Fin. (s.f.). Top 10 Business Intelligence risks (and their solutions) (Part One).
Obtenido de Yellow Fin: https://www.yellowfinbi.com/blog/top-10-business-
intelligence-risks-and-their-solutions-part-one

© MIU City University Miami

Activities 8