Uber settles complaint over data protection for riders, drivers

Uber agreed to implement new data protection measures to settle complaints that it failed to prevent improper snooping on driver and customer information, officials said Tuesday.

The ridesharing giant had faced complaints that it allowed some employees to use the “God view” to monitor customer movements that could allow Uber managers to keep tabs on journalists investigating the ridesharing giant.

A separate complaint said that Uber had also failed to prevent a data breach that allowed hackers to gain access to personal information on some 100,000 drivers.

The Federal Trade Commission announced a settlement on an investigation into allegations that Uber failed to live up to data protection claims. It requires Uber to submit to independent privacy audits every two years for the next 20 years.

“Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data,” said FTC acting chairman Maureen Ohlhausen in a statement.

“This case shows that, even if you’re a fast growing company, you can’t leave consumers behind: you must honor your privacy and security promises.”

Ohlhausen said the agency began its investigation in response to a “consumer uproar” over reports that Uber executives used “God view,” indicating the whereabouts of riders, for parties and other purposes.

“We’ve always treated geolocation as sensitive information,” Ohlhausen told a conference call.

The settlement contains no financial penalty, but Uber agreed to implement “a comprehensive privacy program” that will include independent audits, the FTC said. If it fails to live up to the agreement it could face fines.

The agency which enforces consumer and privacy protection said Uber had announced in November 2014 — but failed to enforce — a “strict policy” prohibiting employees from accessing rider and driver data except for legitimate business purposes.

The FTC added in a statement that Uber “did not take reasonable, low-cost measures” that could have prevented a breach by using better practices to protect data in the internet cloud.

Uber, which has become the world’s most valuable venture-backed startup despite complaints from regulators and others, has been roiled by a series of revelations about a toxic work culture and questionable business practices.

Its chief executive Travis Kalanick resigned in June, but investors and board members are battling over his successor and a lawsuit by one investor alleges Kalanick has been working behind the scenes to manipulate the board.