Article Lead Image

What’s in Uber’s privacy policy?

And, more importantly, should you worry?


Alex La Ferla


Posted on Nov 20, 2014   Updated on May 30, 2021, 4:16 am CDT

It shouldn’t come as a complete surprise to Uber users that the company has access to its customers’ location. After all, that’s how the immensely popular app locates passengers and gets them where they want to go. But users have a certain amount of trust in Uber that the company won’t misuse customer data—a trust that is quickly eroding, following a Buzzfeed report that Uber tracked a journalist’s location without her knowledge.

In an apparent attempt to ease riders’ fears regarding how their personal data might be used, Uber released a brief, updated privacy policy Monday on its blog. According to the post, the company “has a strict policy prohibiting all employees at every level from accessing a rider or driver’s data.” The only exceptions made are for a “limited set of legitimate business purposes.” Uber’s new policy also vows that “violations will result in disciplinary action, including the possibility of termination and legal action.”

But what, exactly, do those “legitimate business purposes” entail, and what are the criteria for determining a violation? As it turns out, that clause leaves Uber with a lot of wiggle room, with the company citing just a few examples, like “facilitating payment transactions for drivers,” rather than a more exhaustive list of permissible uses that might actually allow for enforcement of a strict policy that would protect customers’ privacy.

In the past, Uber has drawn criticism for allegedly using “God View,” a tool that allows Uber to see where their users and drivers are in real time, to entertain attendees at launches in new cities. They have also used geolocation and time stamp information as a way to ascertain patterns concerning their passengers’ sex lives, although individual users in this case remained anonymous.

Incidents like these were apparently not out of line with Uber’s existing policy from July 2013, which is still posted. Monday’s blog post does little to reassure users that similar actions in the future will be punished.

Finally, as Jeff Roberts at Gigaom points out, Uber maintains your personal data and travel history even after you delete your account (which is itself not an easy feat). According to the 2013 policy, “Even after your account is terminated, we will retain your Personal Information and Usage Information (including geolocation, trip history, credit card information and transaction history).” So yes, if for some reason Uber wanted to track you, it likely could, with ease… even if you no longer use the service. 

Of course, Uber’s business model depends on access to its users’ information. It is understandable that the company doesn’t want to pen itself in with restrictive language. However, without further legal remedies, Monday’s blog post does not give the impression that it is anything but an attempt to sidestep a PR disaster. 


Share this article
*First Published: Nov 20, 2014, 10:30 am CST