Uber’s Data Privacy Policy: Is There Cause for Alarm?

Uber is a widely used commuter app — with over 8 million users and over 100,000 active drivers, to be exact. So it’s unsettling, to say the least, that one of the leaders in transportation services via mobile devices is experiencing issues over its data privacy policy. And yet, controversy regarding privacy has been following Uber for some time now.

Naturally, Uber requests personal information from their customers in order to connect them with available drivers in the area. These transactions occur through an app downloaded to the user’s smartphone, and a ride is requested by specifying the desired route and car service. The user then gets notified with the driver’s information, including their name and license plate number. This all seems simple and requisite on the surface.

Read More: Why Your Fingerprint Login May Not Be Safe

Back in 2014, an Uber executive made some off the record remarks about hiring “opposition researchers.” It made the public speculate about whether or not the company would actually exploit customers’ information for their own ends. Uber assured that they take their strict privacy policy seriously and that employees are explicitly forbidden from accessing either a user or driver’s data. The company went on to attest to user confidentiality by explaining that customer information would only be used for straightforward business purposes, like ensuring drivers are paid, problem solving, monitoring accounts for fraudulent activity, and so on.

Then, just last year, EPIC filed a formal complaint regarding changes Uber was planning to make to their privacy policy. They alleged that Uber’s collection of customer data, including location and contacts information, as well as agreements on advertising, would leave users at greater risk of compromising their privacy. Deceptive settings and agreements are easy to manipulate for the purposes of advertising and are unfair to anyone who signs up for the service unaware of this possibility.

Later in 2015, Uber released information on millions of passengers to California state regulators, assuaging no one’s fears on what they’re capable of. To mitigate growing concern, Uber complied with the release of a “Transparency Report,” which evidenced that the state agency had submitted several requests for information. Other regulators and law enforcement had done the same thing. Uber claims to try and “narrow the scope” of regulator requests, but this argument did little to ease tensions. Even if the full scope of the data is not released, identities can still be deduced from the information given.

Uber is not alone in the storm of data privacy. Tech enabled goods and services has opened a Pandora’s box for security concern with little precedent on how to handle it. Since 2010, Tech companies have been held increasingly accountable with Transparency Reports, and this is a good place to start, because if nothing else, it starts the security conversation.