I work as a data scientist and often talk to unions and people in the public administration about data, and I agree that data which companies like Uber, Airbnb or Fedex generate can be very interesting for things like optimizing public infrastructure or salary negotiations. I can perfectly understand why companies don't want to publish this data (as it's a valuable asset and contains a lot of potentially sensitive insights about the company), but you have to weigh this against the benefit to the public that the data could generate.
I think it's not unlikely that we will see new legislation soon which will oblige companies to make some of their data available to the public or at least public organizations so that they can be used for public good. In fact this wouldn't be unprecedented, and nothing that would be (IMHO) very detrimental to these companies.
I don't disagree that this data would be beneficial to the public, but I don't think government should have the right to tell a private organization that they need to hand out their data to whoever wants it.
Over regulation kills business; maybe not companies like Uber, but smaller companies that are still trying to get off the ground.
I don't disagree that this data would be beneficial to the public, but I don't think government should have the right to tell a private organization that they need to hand out their data to whoever wants it.
As a "private organization", Uber of course doesn't have to do anything.
But if it wants to operate a business on NYC's streets on a (massive) scale -- well, that's a privilege, not a right. And if they want access to that privilege, they're gonna have to play by the rules as set forth by the city's voters and their elected representatives. Who have a vested in interest having reliable access to that data for well, a whole bunch of pretty obvious reasons.
It's called "rule of law", a concept which Uber has demonstrated considerable difficult in understanding thus far. Once they do, we can perhaps have a conversation about whether certain regulations are really useful or necessary or not. But it needs to be based on the pragmatic merits (or lack thereof) of those regulations. Arguments on the basis of "they're a private organization; you have not right to tell them what to do" just don't hold a lot of water in these contexts.
This is a slippery slope.
No, it's just life in the big city. And it's about time Uber got used to it.
Arguments on the basis of "they're a private organization; you have not right to tell them what to do" just don't hold a lot of water in these contexts.
Forcing an organization to do something is a big deal because, unless you are specific about when and what kind of data you can force a private company to disclose, it can be abused. This is why such arguments are important.
But if it wants to operate a business on NYC's streets on a (massive) scale -- well, that's a privilege, not a right.
It actually is not a privilege, it is a right. Conducting business is a First Amendment right. In fact, this is a dangerous argument: if conducting business is a privilege, couldn't the government decide which businesses it likes and it doesn't like? The use of New York's streets is indeed a privilege, but that is already paid for by road taxes - anything more than that is just double dipping.
It's called "rule of law", a concept which Uber has demonstrated considerable difficult in understanding thus far.
Let's leave the attacks out of this - replace Uber with any other company and you have the same set of issues to discuss. Instead, let's just focus on the merits of the idea of government coercion of a private company to release data.
If this data was truly beneficial to the public, couldn't the government buy it from the company through a voluntary transaction, paid for by taxpayers? The company can decide whether or not they wish to sell that information. The only reason a company would refuse to sell anonymized information is if they think the data is important to their competitive success.
It actually isn't a right legally. You can absolutely have your driver's license taken away and the government has the right to regulate usage in many ways. If you're confused about this, try driving the wrong direction for a lane long enough and see what happens to you.
Conducting business (i.e. running an enterprise) is absolutely a right. Obviously if your business involves breaking the law, the business owners shall be reprimanded, but that's separate from OP's assertion that operating business on NYC's streets is a privilege and not a right.
Using government provided resources, like roads, for your business is not a right. You seem confused, so you should try setting up a stand on fifth avenue without a permit and see how quickly the police remove you.
Try driving the wrong direction for a lane long enough and see what happens to you.
Or, for that matter, setting up a pop-up restaurant in the middle of Central Park somewhere. Because, you know, the foot traffic and all the opportunity.
After all, "conducting business" is your "absolute right", so why not?
I'm a big fan of the First Amendment, but I'm not following your argument here.
The amendment reads: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances."
Furthermore, the framers of the Constitution wrote the Commerce Clause, specifically giving Congress the ability to regulate how businesses conduct themselves (albeit in a limited way).
Do you have a court case in mind that provides more insight here?
This whole discussion could also call into question the idea of corporate personhood, but that's another can of worms. :)
I don't think anybody is disputing that regulation is allowed and useful, but we should also be questioning all regulation to ensure that the government isn't overreaching.
By this logic what's stopping government to demand everyone's online history from Facebook or the phone companies? After all government own the airwaves.
As said, it all comes down to the merits of the specific regulations (and implicitly, how they jibe with the constitution and existing legislation).
But as to the principled, absolutist counterargument that was offered: "they're a private organization; you can't tell them what to do! you just can't!" -- well sorry, but that's not how things work.
No offense, but they can and they do get that, routinely. You go to a judge, get a warrant, and you get pretty nearly anything you want. Similarly, there exist licensure and reporting requirements for taxi and hotel companies, for really good reasons (whose car is your wife/daughter/girlfriend getting in at two am? Is there a fire escape in that hotel? Are there bedbugs?), that Uber and AirBnB, among many others, are thus far shirking. For now-- it's only a matter of time.
There's nothing stopping them from doing that. Governments are sovereign, businesses and citizens are not. NYC is owned by the government. If you want access you play by their rules
> But if it wants to operate a business on NYC's streets on a (massive) scale -- well, that's a privilege, not a right. And if they want access to that privilege, they're gonna have to play by the rules as set forth by the city's voters and their elected representatives.
I get that a business doesn't have the same rights as a person, but do we really want to be crafting a maze of one-off rules for every company just because each of them have something special that we don't want to pay them for?
afaik, Uber makes money selling some of this data to municipalities.
But do we really want to be crafting a maze of one-off rules for every company just because each of them have something special that we don't want to pay them for?
I don't know, and won't pretend to know. Again, it all comes down to the merits. One might very well make the case that companies should be compensated for providing data in some cases.
I was objecting solely to the "business rights" aspect some people were bringing up (and which comes up continuously in discussions about regulation and business ethics generally, here) -- which we seem to be roughly on the same page on.
I don't know why you're getting downvoted, those who agree or not, your point is constructive.
Why should a government be able to coerce a private organization into providing data? How do you define data? At least in the US, I can think of 2 amendments that would be violated by such action (is data speech? can you be forced to self incriminate?).
There are so many things that the government can force an individual or a business to do in the name of public good, but we can agree that many of those things count as government overreach, why not this?
Why should a government be able to coerce a private organization into providing data?
Perhaps when it is benefiting from public infrastructure in the activities that generate that data? Not sure where I come down on this one but it isn't a crazy argument.
We already pay for the public infrastructure through taxation. If the degree of taxation isn't suitable given the degree of use, there could be a corporate tax rate (I wouldn't support that, but it isn't unheard of).
This does not, however, give the government a blank check on an individual or a business's rights. We don't barter our rights for public benefits - we pay for them through taxation.
Agreed. It seems that this is just because there's some precedence with the taxis, but that doesn't mean it should be expanded.
If Uber wanted to sell or give away data, properly anonymized and in accordance with their terms of service, that seems fine to me. But it's potentially quite valuable to Uber even in this state, and it doesn't really make sense to require a business to give them this data, any more than it would be to require other data-driven companies to do so. If it's not for public safety or something of that nature, I don't see why the government should really care.
If it's not for public safety or something of that nature, I don't see why the government should really care.
Aside from public safety, there's a whole lot of reasons -- from measuring how efficient these services really are (in a rapidly changing transportation landscape) to ensuring truly open and fair competition among potential providers -- for which regulators (and the public generally) might have an interest in this data.
I'm not saying that they should be obliged to hand out all their data, just some of it. Example:
We obviously wouldn't want the public to have access to personally identifiable data like GPS movements captured by phones, as this kind of data is highly sensitive. But having access to aggregated, (properly) anonymized data would be sufficient for many things, e.g. to see where local traffic hot spots are and how people commute to work. Giving out this data does not compromise privacy (if done right) and has a very little risk of harming the company that generated it.
The problem though is that people are effectively made to work for free if the government can order any organization to publish their private information. The government is forcing socialism on the upside and capitalism on the downside.
Almost all information/research would serve a "public good" if it was converted from private to public. If the government forced an investment firm to reveal which companies they thought were the most undervalued in a market, many people would benefit from that knowledge. The question is, what right and what incentive structure promotes the generation of that knowledge. Theft is certainly not a structure that generates it long term.
The problem though is that people are effectively made to work for free if the government can order any organization to publish their private information.
But they're not doing that work for "free". They're doing in exchange for the privilege of being able to run a large-scale business on one of the most highly-trafficked street grids on the planet. Which in turn certainly doesn't exactly come for "free" (and in fact costs many billions of dollars per year to run, involving thousands and thousands of people who certainly don't work for fee either), now does it.
So Uber says they don't want to pay for that privilege? That they'd rather not have to comply with regulations (like every other business operator in any other damn category you can think of) because they're... special?
That's fine, of course -- they just don't have to do business in NYC, then.
If they don't want to share sensitive data such as GPS tracks they oughtn't to store it. From the end user's perspective, the stored data is still available via subpoena, leaks etc
Perhaps, but currently such services do not make that data available to the general public and users have been operating with that knowledge. If that gets retroactively changed by a local government, I'd say that government is the most at fault.
It doesn't seem like data is currently treated like other property, at least in public policy discussions. I imagine this will eventually change as data becomes an even larger segment of the economy. I'm sure people would have stronger feelings about a tax on Uber rides or a seizure of Uber's physical property, but a government demand for data doesn't seem to be thought of as a tax or seizure. Of course, this data is valuable and a large part of that value derives from it being proprietary, so if the city gets its way, Uber will effectively be paying a special tax to operate in NYC, just in the form of data. I'm not making any statement of value about the policy, just noting that this is not simply an issue of regulatory compliance but is also a transfer of (potentially) valuable property from Uber to NYC.
"Meaningful use" legislation in the US healthcare industry already mandates the release of certain data that helps with public health surveillance - in fact, it was one of the major goals of those regulations (as well as advancing the state of healthcare tech, enabling health information exchanges and interoperability).
For example, see this article which talks about how "meaningful use" legislation enables cancer surveillance via provider reporting to cancer data registries:
https://www.cdc.gov/cancer/npcr/meaningful_use.htm
If there is legislation that makes it manditory to release private data one of the first issues would be how to even define what data should be published and how often.
The second issue is that there is a nontrivial cost to making data public. And since you are a business most often you might get low quality datasets that either would take real effort to clean or extract knowledge and who is going to do that?
For public organizations we already have legislation that obliges them to publish their data (or at least we're getting there, like currently in Germany), so it wouldn't be so difficult to take this and adapt it for private companies.
And sure cleaning and publishing this data would take effort, for which one could compensate the companies though. And as there is often just no way for the public hand to generate this kind of data, I think we will definitely see some legislation in this area very soon.
Also, tax law requires a company to hand over information such as invoices. And since drivers are contractors (thus not employed by Uber), I only think it is consistent that the government gets information on the work performed by them.
Just imagine the public good to be found in Google's data. And Facebook's data. This data should all be turned over to the public so we can all benefit, ASAP.
This is one of those rare topics where I can make a Modest Proposal style comment that I actually believe in!
You are not serious, right? Do you really want your search history to be publicly available? (Please don't say anonymization as it is possible to go around that.)
I am serious in that there is far too much potential public benefit in that data to keep it locked in the hands of a private corporation.
In my personal opinion, it's the worst wealth inequality issue we face, as will become more and more apparent in the coming years. As one example, it's far too powerful an advantage as training data for AIs to let one organization control it.
I appreciate the challenges in making it publicly available, but I also believe it's something that will have to be done in the long run.
... because Uber is a special snowflake, haven't you heard? /s
Uber is trying to differentiate itself from the standard taxi companies in order to avoid the same level of regulations and issues. To do that, you can't concede on any front no matter how trivial or reasonable it sounds.
Yeah, and it's virtually inevitable that city hall catches up with them eventually somewhere. They have to win all the city hall fights everywhere. Also Lyft does too-- if Lyft ever capitulates in exchange for licensure, Uber has to as well, lest they be out in the cold.
Sooner or later somebody is gonna get one of them, and then all the other cities are going to say "Hey, if Los Angeles gets your ride data, then why can't Topeka?"
Why not rephrase the question to "Just because taxis have to give this data, why should Uber?" or "Why traditionally do taxis have to give this data?" These types of situations are perfect for re-examination/re-justification. We should question the law in general and then question its equitable application. Unfortunately, it takes law applications like this to bring up the obvious need for re-justification.
I think this is the key take away from the article:
> Uber offered to give officials data on how long each trip lasted, without any location information. The regulator rejected this idea, in part because it appears to have more in mind than driver fatigue.
I tell Uber the exact address at which I should be picked up and dropped off. Taxis don't get nearly that much granularity. Furthermore, one can pay for taxis with cash.
Uber also tracks you before/after, even if you're not using the app.
I can only guess all the reasons why. But it should help them predict supply and demand/gouge you better. It's worth knowing when everybody starts to head for the exits from the Rolling Stones concert. And if you came from there, it's worth knowing to predict what fare you might be willing pay, even if you hail a couple of blocks away from the arena to avoid the crush.
>Uber also tracks you before/after, even if you're not using the app.
You don't have to elect to have background tracking on. Undoubtedly, most users have elected to keep it on but there is the option to turn it off and just type in the pick up and drop off address.
I don't have a problem with anyone knowing when I am at, or near, Grand Central or Penn Stations. I have an issue with a politician knowing I visited the home of a potential rival three times in a week before campaign filings are due.
You can (any probably should) slightly fuzz the addresses you're providing Uber. They're tracking you with GPS before and after your rides anyway, but you might as well make it a little harder for them to track you.
Yellow cabs work when you hail it at point A and get dropped off at point B. Addresses are recorded but not the identity.
Uber cabs work when you request it at point A and get dropped off at point B. Addresses are recorded and the identity.
Yellow cabs share its data. All journeys along with their start, end coordinates. No identity issues as their platform could not record it.
Say if Uber cabs could share its data. All journeys along with their start, end coordinates. No need to share identity of the person associated with that journey.
Using Yellow cabs data set, if I have an address of my friend's place then I can figure out his journeys pattern when I see a frequency of his apartment address (minus the home number) either by data crunching around his address or the nearest corner intersection where he can potentially hail a cab.
I really don't see what's a huge deal here, unless Uber really does not want to expose its $ amount for a variety of reasons that I don't want to get into. Uber can strip off identity data, they can even strip off building numbers by normalizing pinpointed building numbers to nearest intersections. Sure every place can not have a nearest intersection. In that case, provide macro geo-information for the neighborhood. Trust me, every address has a nearby intersection in the city of New York.
Medallion taxi services in NY have to share pick up and drop off data with NYC's government. Even though each of those cars are privately owned and operated. In NYC, Uber drivers are all required to have taxi licenses. It seems reasonable that a private medallion-competitor should have to share the same information that the private medallion-owners do.
Uber operates in NYC under the City's Taxi and Limousine Commission. No medallion, but drivers and vehicles must be registered to the TLC in order to legally operate.
Except taxi services don't (usually) track detailed GPS info on where they picked me up and dropped me off. Further, if I pay with cash and don't break their rules, they don't know/care who I am.
If the argument really boils down to "everyone else is doing it" or "that's what we've always done!" they should stop and apply some critical thinking.
Taxis accepted a lot of obtrusive regulations because they were granted a monopoly by the city. I don't see why Uber should obey these regulations when they are not getting any such sweetheart deals.
Who is the monopoly here? Anybody is free to buy a medallion and own a yellow cab.
Besides yellow cabs there are also private livery cabs aka "black cars/car service."
"CURRENT OWNERSHIP: 17 percent of medallions are owned by cab fleets; 54 percent are owned by leasing agents, who delegate management to fleets; and 29 percent are owned by independent drivers"
Great point but there are some legitimate reasons that the city may want ride data especially if Uber wants to replace multiple forms of transportation (taxis, personal vehicles, frieght delivery, ride services for the elderly/disabled etc).
There are also other municipal needs like collecting utility information from radio systems or pavement management surveys that cities often drive around to collect - Uber could potentially be utilized for data gathering if it was determined that they had sufficient coverage etc.
Every GIS nerd would love a data set like the Uber tracks for analysis and to see what else they could be used for (Uber for mass license plate collection is like something from Black Mirror).
This data could be extremely helpful to planning out public transportation. You would be able to determine the most common areas people go to, where they come from, when they typically go there, etc. All would help in planning bus routes/subway lines/etc.
They're not in competition with one another. Together they are both in competition with privately owned cars. A transportation system effective enough to compel people to give their cars up is good for both of them. Uber alone is too expensive, and public transit alone can't provide service everywhere all the time cost effectively.
If the city wants to contract with Uber (or FedEx or UPS or...) to do pavement management surveys, that could be an interesting conversation. But that's not what the city is asking for or has proposed.
Instead of imagining uses for their data, let's realize it's their data that we have individually given them and we may not want the city - any city - to have.
I don't want the government knowing this much information about me. But I see how it would benefit transit planners and regulators to have this data. Can they just blur it out to coordinates with a 100-foot radius or something similar?
Additionally, the data is anonymized; the original taxi dataset mentioned in the article had poorly-hashed Taxi ID numbers which is how privacy was compromised. Subsequent TLC datasets lacked that field completely.
Yeah I worded that poorly, I didn't mean to state that Uber was claiming that, merely that the article seemed built on a faulty premise. Uber could very well be considered public transportation at some point in the future and they may claim it to get tax breaks / infrastructure spending etc, but that's way way way out in the future if at all.
Per your quote, they _aspire_ to be similar to public transportation, they don't claim to be public transportation - it isn't premature for them to claim to be public transportation because they don't [claim to be].
Oh, well I meant that Uber shouldn't (yet) claim to be public transportation (and they don't). So the idea that are and are not sharing data is a problem isn't true.
You know, it's possible to simultaneously be critical of the government request for data, and the very real concerns that of course they won't successfully anonymize location data, and also have a realistic view that Uber wants to "sell" your data, not "protect" it.
I don't know about this: "of course they won't successfully anonymize location data".
Yes, it's well known that they screwed this up. But that doesn't mean that we should therefore distrust them forever. Although it's tricky, figuring out the right level of granularity for revealing taxi ride data to the public seems doable, and we shouldn't let cynicism prevent all attempts at a compromise.
The fact that they screwed it up in the past means they demonstrated a lack of ability to get it right. Unless we have strong evidence that they've fixed that deficiency, it seems unwise to repeat the same mistake.
Better safe than sorry seems like the right heuristic here given that once private data is released in the wild, it will remain public forever [1].
Yeah, and companies in the private sector screw up n similar fashion on a regular basis. What strong evidence do you want that they've fixed the deficiency? Government is about as open organizationally as any entity - you can serve FOIA requests asking what government has done to mitigate some past screwup and get back reams of documentation, which is more than you can say for private entities. I seem to remember Uber having its own history of privacy violations.
Easy - propose a process for releasing data, and get it publicly vetted by privacy/security researchers. I'm pretty sure anyone who understands basic crypto would know that MD5 hashing low-entropy text fields is problematic. The fact that they missed this means they just handed this procedure off to a random coder who didn't know any better. That doesn't sound like at all like a sane process for releasing gigabytes of highly personal data.
Private companies have their own issues, obviously, but just because A is bad doesn't mean we should lower our standards for B.
Also, private companies have your data because consumers interact with them directly, so at least there is some implicit consent involved. But I'm less convinced that they should be forced to hand that data over to public agencies that have only a very tangential relationship with the user. If I take an NYC cab ride, why should the city government get to see that, especially if I don't live there?
As for your cab ride, because the government of NYC is who people turn to when they have problems with their cab ride and don't get satisfaction from the cab company. Honestly, talking to some people it's like they were living in some free market garden of Eden one day and then government came along and ruined everything. People institute governments to 'secure their rights'; it's your choice to take an oppositional attitude rather than a participative one towards government.
You are the one saying you want certitude about the security of information held by government; why not propose your preferred standard for how data should be released, maybe get some peer security experts to refine it or agree on a suitable candidate, and then promote its adoption by government with an economic argument?
It seems not to have crossed your mind that government failure is often the result of past policy decisions imposed by representatives or the voters themselves on how things should be done, and that they're often mandatory for the people who work in government. They may know a policy or procedure or person's performance is flawed, but lack the legal or budgetary authority to do anything about it. Sometimes inefficient policies are in place as a political payoff to a corporation, union, or individual - corruption is a problem, and legislatures are essentially political marketplaces, and subject to certain failures of markets. Other times inefficiencies are just unintended consequences of well-intended legislation that was poorly crafted, or outlived its usefulness, or conflicting imperatives that lead to legal race conditions.
Try thinking of government as the operating system (or platform if you prefer) of society. It's buggy, bloated, nominally open but actually with a bunch of closed-source stuff in it, some people mine it for exploits or sneakily implement their own, and so on. You have this huge codebase written in multiple languages running on all sorts of legacy institutional hardware, all strung together in a giant embedded system that is supposed to operate 24-7, often under difficult conditions. Oh, and there's bitter disagreement between two factions of developers with radically different ideas about, well, everything.
Refactoring this isn't an easy undertaking. I suggest to you that the problems of government are similar to the problems of a large software project, and involve many of the same sort of trust problems that operating systems do. Consider that there is a relatively small number of successful operating systems/platforms, none of them were built overnight, and they all suffer from various faults and have interoperability issues - some by design, some by oversight. Your black-box approach to government is of limited utility because it's not like you can easily swap it out for a better one.
I'm not sure how you somehow found a broad antigovernment oppositional attitude in these posts here. All of what you say about governance can be true, and I largely agree with it, but I still don't want NYC to have my data and I do think the onus is on them to show they will be responsible custodians because they screwed it up in the past. Once bitten, twice shy.
I don't know if you've tried to do free work for governments and get them to go along with your initiatives before, but I bet you that it quickly becomes a politicized process and is much more painful than, say, submitting a PR. I don't have the time, energy, or resources to do such a thing, but I do have the ability to vote against policies that I feel are misguided. If you have examples of normal citizens getting municipalities to adopt their initiatives and the process going smoothly, I'm all ears.
Also, the point here is that Uber is not a cab ride; if I take a cab ride I can understand why NYC gets the data directly since cabs are a de facto government-established monopoly, but I don't see why that extends to my business dealings with a private corporation.
I still don't want NYC to have my data and I do think the onus is on them to show they will be responsible custodians because they screwed it up in the past
As I pointed out in the first place, with a public entity like NYC you can file FOIA requests to find out what they actually did to mitigate the problem and ensure it doesn't recur. Is it enough? Opinions will vary, but reliably ensuring better security practices in the future will require some sort of rule, if only to identify the standard their IT operations need to comply with.
Meanwhile, the city is still expected to respond to complaints from residents about the cab service and to carry out its existing oversight functions which are almost certainly mandated by law. Uber's right to operate a transport service is subject to the same laws as every other transit service, so there's no legal basis for them to have a veto over the city contingent on the city meeting some (undefined) standard of reliable data custody. That would be giving a private entity (Uber) authority over the data security policy of NYC, which is an absurdity.
Certainly their opinion matters, as does yours as a voter, or even (very indirectly) as someone who chooses to drop some of your tourist $ in NYC or not. But having an opinion which you attempt to everage at election time (occasionally alone or more commonly through donating to some lobbying group to do it for you) is very different from a company unilaterally declining to comply with a rule and then claiming to be doing so in order to uphold your interests rather than their own.
Also, the point here is that Uber is not a cab ride
Of course it is. You summon a vehicle to transport you in comfort from A to B and you pay on arrival. Summoning them via an app rather than via a telephone call or a wave down is a mere operational detail. You're still hiring a car, for the time being cars are driven by people, and the law in New York is that commercial drivers can't work more than 60 hours a week (because of the increased risks of accidents due to driver fatigue, which is backed up by a lot of data) and have to be able to provide work logs on request.
The existence of a difference tells you nothing about its degree. From the point of view of the customer and driver, there is virtually no functional difference between Uber or any pre-existing taxi company. The significantly different business, dispatch and billing practices don't alter the fact that it's a ride-for-hire service.
Consumers vote with their wallet and if the transgression is large enough the company feels it.
It's easy to get lost in the tech echo chamber where we take security seriously, but many average consumers don't. So we incorrectly associate our priorities with theres.
Just take a look at Chipotle for evidence of this with the average consumer. A number of incidents of e. coli outbreaks led to sales plummeting and wiped away nearly 50% of their equity in the ensuing troubles.
Though same store sales have rebounded considerably they are still off 50% and questions continue to remain.
So trust me, when the consumer is affected directly in a way that they prioritize they take action and the company is definitely affected.
Unfortunately many security related incidents never trickle down to the consumer in the way that an E.coli outbreak did. Just compare what happened to Chipotle for a handful of E.coli cases versus Yahoo being compromised for 1 billion users data.
Evidence shows that in the vast majority of cases (home depot, target, psn, jp morgan etc) they do no such thing.
Chipotle is getting people sick, people don't like to be sick. Uber, the above mentioned breaches, and the GP were talking about their data. People don't care about that, hence companies face no real penalty for not protecting data.
That's the point I was making. That for most consumers a security breach isn't viewed the same as an E.Coli outbreak. Although the likelihood of you catching E.Coli is less than 1% the resulting impact was huge. Meanwhile like you mentioned there have been a number of large retailers where your likelihood of having your data compromised was well over 50% and people didn't react at all.
The area where I'm really interested in obligatory publishing of data is financial data from stock exchanges. How great would it be if Google or someone from the next batch of HN was free to make a superior, cheaper versions of Bloomberg/Reuters? Would save so much time and money within the financial world.
I think it's not unlikely that we will see new legislation soon which will oblige companies to make some of their data available to the public or at least public organizations so that they can be used for public good. In fact this wouldn't be unprecedented, and nothing that would be (IMHO) very detrimental to these companies.